Releases: SonarSource/sonar-dotnet
Releases · SonarSource/sonar-dotnet
7.9.1
7.9
New C# Rules
- 1993 - Rule S4792: Configuring loggers is security-sensitive
- 1992 - Rule S4834: Controlling permissions is security-sensitive
- 1991 - Rule S4529: Exposing HTTP endpoints is security-sensitive
- 1990 - Rule S4507: Delivering code in production with debug features activated is security-sensitive
- 1989 - Rule S4829: Reading the Standard Input is security-sensitive
- 1988 - Rule S2077: Executing SQL queries is security-sensitive
- 1987 - Rule S1523: Dynamically executing code is security-sensitive
- 1986 - Rule S4823: Using command line arguments is security-sensitive
- 1985 - Rule S4818: Using Sockets is security-sensitive
- 1984 - Rule S4790: Hashing data is security-sensitive
- 1983 - Rule S3011: Changing or bypassing accessibility is security-sensitive
- 1982 - Rule S4825: Sending HTTP requests is security-sensitive
- 1981 - Rule S4817: Executing XPath expressions is security-sensitive
- 1980 - Rule S4787: Encrypting data is security-sensitive
- 1979 - Rule S4797: Handling files is security-sensitive
- 1978 - Rule S4721: Executing OS commands is security-sensitive
- 1905 - Rule S4784: Using regular expressions is security-sensitive
New VB.NET Rules
- 1993 - Rule S4792: Configuring loggers is security-sensitive
- 1992 - Rule S4834: Controlling permissions is security-sensitive
- 1991 - Rule S4529: Exposing HTTP endpoints is security-sensitive
- 1990 - Rule S4507: Delivering code in production with debug features activated is security-sensitive
- 1989 - Rule S4829: Reading the Standard Input is security-sensitive
- 1988 - Rule S2077: Executing SQL queries is security-sensitive
- 1987 - Rule S1523: Dynamically executing code is security-sensitive
- 1986 - Rule S4823: Using command line arguments is security-sensitive
- 1985 - Rule S4818: Using Sockets is security-sensitive
- 1984 - Rule S4790: Hashing data is security-sensitive
- 1983 - Rule S3011: Changing or bypassing accessibility is security-sensitive
- 1982 - Rule S4825: Sending HTTP requests is security-sensitive
- 1981 - Rule S4817: Executing XPath expressions is security-sensitive
- 1980 - Rule S4787: Encrypting data is security-sensitive
- 1979 - Rule S4797: Handling files is security-sensitive
- 1978 - Rule S4721: Executing OS commands is security-sensitive
- 1905 - Rule S4784: Using regular expressions is security-sensitive
- 1842 - Rule S2255: Using cookies is security-sensitive
Improvements
7.8
Improvements
False Positive
- 1964 - Fix S3427: Rule should not generated FPs for generic parameters
- 1914 - Fix S1450: Do not report fields that are read and written in the same expression bodied member
- 1906 - Fix S1450: False positive when using += operator
- 1875 - Fix S4261: rule should not report for MVC controller methods
- 1874 - Fix S2701: rule should ignore bool? assertions
- 1841 - Fix S1449: Rule should not report for objects when ToUpper is inside expression
- 1839 - Update S2325: should not report methods in classes that inherit from System.Web.HttpApplication
- 1820 - Fix S1450: false positive on expression body property
False Negative
7.7
7.6
Improvements
- 1852 - Update SonarC# and VB documentation to cover uploading issues for all Roslyn analzyers
- 1825 - Update SonarC# to allow import of other roslyn issues
- 1920 - Security Hotspots rules should only be displayed on SonarQube/SonarCloud
Bug Fixes
- 1891 - Fix plugin to use newer version of protobuf
- 1867 - Fix S3928: Rule should not throw NullReferenceException for ArgumentNullException with null parameter name
- 1804 - Fix S3881: Rule throws AD0001 with SyntaxTree not part of the compilation
- 1857 - Fix S4143: False positive when incrementing key using ++ operator
- 1851 - Fix S3457: should not report for Debug.WriteLine(message, category)
- 1847 - Fix S3168: Rule should ignore MSTest V1 cleanup and initialize attributes
- 1845 - Fix S4586: false positive with local function
- 1843 - Fix S4049: Do not raise issue when method is async or return Task/Task/ValueTask
- 1840 - Fix S3257: should not recommend removing explicit type for multidimensional array
- 1819 - Fix S4457: False positive when ArgumentException thrown after awaited call
7.5
New Rules
Improvements
- 1812 - Deprecate S2228 in favor of S106
- 1798 - Update S1854: Dead stores should allow initialization with default()
- 1780 - Improve debug logging when importing code coverage and test coverage
- 1775 - Add support for switch statements pattern matching in CFG
- 1774 - Update S3253: Rule should handle ExpressionBody
- 1773 - Update S3626: Rule should handle ExpressionBody
- 1767 - Update S1172: Rule should handle ExpressionBody
- 1764 - Update S1185: Rule should handle ExpressionBody
- 1763 - Update S3604: Rule should handle ExpressionBody
- 1761 - Update S3052: Rule should handle ExpressionBody
- 1758 - Update S3963: Rule should handle ExpressionBody
- 1754 - Update S2326: Rule should handle ExpressionBody
- 1752 - Update S2292: Rule should handle ExpressionBody
- 1751 - Update metrics to handle ExpressionBody
- 1746 - Update S1144: Rule should handle ExpressionBody
- 1743 - Update Symbolic Execution Engine: Run rules on ExpressionBody
- 1739 - Update S2325: Rule should handle ExpressionBody
- 1737 - Update S3880: Rule should handle ExpressionBody
- 1734 - Update S2365: Rule should handle ExpressionBody
- 1733 - Update S138: Rule should handle ExpressionBody
- 1728 - Update S3881: Rule should handle ExpressionBody
- 1727 - Update S4005: Rule should handle ExpressionBody
- 1726 - Update S3997: Rule should handle ExpressionBody
Bug Fixes
- 1824 - SonarC# NPE with SonarLint for VS connected mode
- 1801 - Create BrancBlock for "case null" sections to avoid exceptions in the exploded graph
- 1791 - Module and file level issues are not de-duplicated correctly
- 1789 - Module levels issues are not reported correctly
- 1799 - Fix S1854: False Positive when variable initialized with -1 or +1
7.4
Improvements
- #1195 - Fix S1144: Issues is raised while method is being used (DebuggerDisplayAttribute)
- #1225 - Fix S1144: False Positive on Inner Classes
- #1398 - S1144 False positive for protected ctor
- #1434 - Rule S4150: False positive on field used in switch block
- #1448 - S1450: false negative for fields used in expression bodies
- #1449 - S1450 not appearing in VS2015 IDE
- #1460 - Update S3881: Rule should allow abstract IDisposable implementations
- #1486 - Fix S2187: does not report for test classes with only assembly-related attributes
- #1491 - Fix S3887: Rule should not report when field is readonly and initialized with immutable type in ctor
- #1498 - Test method detection code is not consistent across rules
- #1529 - "Fields should not have public accessibility" should not run against structs
- #1536 - S1450 "Private fields only used as local variables in methods should become local variables" not triggered by rule sample
- #1537 - Fix S3242: Rule should not suggest base type for virtual methods
- #1543 - S3400: Don't raise issue for virtual methods
- #1553 - Fix S4226: False positive for interfaces
- #1562 - Populate Security Standards data for Security Hotspots and Vulnerabilities rules
- #1563 - Change "Message" of Security Hotspot issues
- #158 - Fix S1450: Rule should not raise an issue when methods call each other
- #1586 - Fix S1075: Rule should not report on virtual path for asp.net
- #1588 - Adjust the "message" of S2245 because RSPEC-2245 is now a Security Hotspot
- #159 - Fix S1144: Unused private members should not report false positives with Unity classes
- #1593 - Fix S4049: GetEnumerator should be white-listed
- #1596 - Stop feeding the comment_lines_data metric
- #1607 - Fix S1450: Implement robust detection whether a local field could be converted to a local variable
- #1608 - Update S2551: rule should be enabled by default (Sonar way)
- #1609 - Update S3963: rule should be enabled by default (Sonar way)
- #1610 - Fix S3242: Rule should not suggest base type resulting in inconsistent accessibility (bis)
- #1623 - Update S1144: Develop robust mechanism to detect when a class member is unused
- #1638 - Add a warning to notify user that no coverage report file was found for the given pattern
- #1643 - Fix S4143: False Positive when variable is reassigned
- #1644 - Fix S4261: False positive on async Main
- #1649 - Fix the executable lines of code count to ignore attributes
- #1658 - Update S4261: Default severity should be Code Smell
- #1660 - Update S4524: Rule should be in the default quality profile (SonarWay)
- #1661 - Update S2255: Rule should be in the default quality profile (SonarWay)
- #1662 - Update S2245: Rule should be in the default quality profile (SonarWay)
- #1667 - Update S4524: metadata needs to be updated
- #1669 - Fix S1226: rule doesn't detect correctly that param was read before being assigned
- #1670 - Deprecate S2758 in favor of S3923
- #1673 - Update S1764: update rule metadata
- #1675 - Update S2259: documentation should include ability to use ValidatedNotNull attribute
- #1686 - Legacy Xunit test projects are not recognized as test projects
- #1687 - Fix S2699: handle skipped XUnit Theory tests
- #1688 - Fix S2699: handle all test method types for supported test frameworks
- #1691 - Fix S3433: handle all test method types for supported test frameworks
- #1693 - Fix S2386: Rule should handle effective accessiblity
- #1694 - Fix S3887: Rule should handle effective accessiblity
- #1695 - Fix S3887: Rule should not raise for uninitialized readonly fields
- #1705 - Fix S1607: : handle all test method types for supported test frameworks
- #1710 - Fix S2699: handle all test method types for supported test frameworks
- #1711 - Update S2971: Rule should not only suggest to remove call to ToList or ToArray
- #182 - Fix 1450: False positive in VS2017 but not VS2015
- #505 - Fix S2386: Rule should not report when field is readonly and ...
- #904 - Fix S1144: rule should not report false positives with constants
Bug Fixes
7.3.2
7.3
Bug Fixes
- 1438 - Fix string formats in the csharp plugin
False Positive
- 1493 - Fix S107: Do not raise for P/Invoke methods (#1459)
- 1464 - S4055 should not raise issues for string literal used in the 'message' of Debug.Assert
- 1436 - Fix S4586: False positive when returning null from inside Task.Run
- 1419 - Fix S1192: False positive for [SuppressMessage()] attribute
- 1417 - Fix S2259: False positive on switch statement with conditional access operator
- 1411 - Fix S1118: Rule should not raise issue on abstract classes
- 1400 - Fix S2583: Rule should not report false positives when combined with async methods
- 1378 - Fix S4023: False positive on interfaces that derive from other non-empty interfaces
- 1366 - Update S4261: should not raise on async unit test methods
- 1325 - Fix S1125: FP with nullable and VS2015/MSBuild 14
- 1324 - Rule S2259: False positive on 'try/catch' with exception filter
- 1279 - Fix S2228: Rule should ignore calls within DEBUG preprocessor
- 1265 - Rule S3626: "Jump statements should not be redundant" issues false positive with try/catch/finally clause
- 1180 - Fix S1200: Should not count generic type parameters of extension methods
- 947 - S2583: False-positive when Monitor.Wait is used
- 621 - CFG does not correctly support try-catch blocks with unconditional return insude
- 496 - Fix S2234: Check for parameter types before reporting it as bug
False Negative
New Rules
- 823 - Rule S4275: Getters and setters should access the right field
- 634 - Rule S4143: Dictionary values should not be replaced unconditionally
- 257 - Rule S2327: "try" statements with identical "catch" and/or "finally" blocks should be merged
- 221 - Rule S3973: A conditionally executed single line should be denoted by indentation