
Releases: SonarSource/sonar-kotlin

SonarKotlin 2.12.1

06 Mar 14:05
9d0e3da

Bugs

SONARKT-267 CPD tokens of unchanged files are not reported during incremental branch analysis

SONARKT-271 The Kotlin analyzer distinguishes between changed and unchanged files in PR context

2.13.0.2116

27 Feb 16:34

Release notes - SonarKotlin - 2.13

Task

SONARKT-278 Update rules metadata

Improvement

SONARKT-244 Improve Android Project detection

SONARKT-274 Upgrade to Kotlin 1.8

SONARKT-276 Fallback to latest stable Kotlin version instead of hardcoded Kotlin 1.5

SonarKotlin 2.12.0

12 Dec 14:18

Release notes - SonarKotlin - 2.12

New Feature

SONARKT-122 Rule S2695: "PreparedStatement" and "ResultSet" methods should be called with valid indices

SONARKT-130 Rule S2097: "equals(Any?)" should test argument type

SONARKT-131 Rule S2114: Collections should not be passed as arguments to their own methods

SONARKT-132 Rule S2116: "hashCode" and "toString" should not be called on array instances

SONARKT-134 Rule S899: Return values should not be ignored when they contain the operation status code

SONARKT-138 Rule S3981: Collection sizes and array length comparisons should make sense

SONARKT-140 Rule S2175: Inappropriate "Collection" calls should not be made

SONARKT-141 Rule S3958: Intermediate Sequence/Stream methods should not be left unused

Task

SONARKT-265 Update rules metadata

SONARKT-266 Update external linters

SonarKotlin 2.11.0

24 Nov 15:24

Release notes - SonarKotlin - 2.11

Bug

SONARKT-36 Issues not always detected when `this` is used as reference

SONARKT-226 S125 is disabled silently

SONARKT-247 Potential memory leak when regex cache holds the reference to the BindingContext

SONARKT-254 Memory leak in sonar-kotlin in sonarlint because global cache never cleaned in the companion object

False-Positive

SONARKT-209 Rule S1313: Exclude local IPv4-mapped IPv6 address

SONARKT-225 Rule S1313: Exclude reserved documentation IP ranges

New Feature

SONARKT-129 Rule S1206: "equals(Any?)" and "hashCode()" should be overridden in pairs

SONARKT-207 Rule S6432: Counter Mode initialization vectors should not be reused

SONARKT-208 Rule S5542: Detect CBC mode when used with padding

SONARKT-214 Rules support PCI DSS Security Standard

SONARKT-215 Rules support OWASP ASVS Security Standard

SONARKT-246 Skip the analysis of unchanged files

Task

SONARKT-228 Update or get rid of apache commons-text in kotlin-utils

SONARKT-229 Remove dependency management block from main gradle build file

SONARKT-230 Upgrade to Detekt v1.22.0-RC2 rule definition

SONARKT-231 Upgrade to Ktlint 0.47.1 rule definitions

SONARKT-232 Fix assert().equalsTo in test units that compare files, to avoid Windows line endings issues

SONARKT-235 Enforce license headers in other modules

SONARKT-241 Update rules metadata

SONARKT-243 Update external linters rules (Detekt, AndroidLint)

SONARKT-256 Update rules metadata

SONARKT-258 Logged message at INFO level during incremental analysis should be concise

Improvement

SONARKT-205 Update Analyzer Commons to 1.25: minor changes on Regex checks

SONARKT-222 Update Analyzer Commons to 1.27: changes in Regex check and resources loading

SONARKT-233 Support issue suppression declaration on when-case expressions

SONARKT-257 KotlinSensor should not be slow when there are no files to analyze

2.10.0

26 Jul 15:15
187f0a9

Release notes - SonarKotlin - Version 2.10

Bug

SONARKT-221 Links are broken in the manifest

SONARKT-211 Tests fail when running in environments with a dot in the path

SONARKT-203 Comment_lines metric should count '/**' comments and ignore blank lines and header-comment (if any)

SONARKT-197 S6316 should not crash when job declaration is not directly followed by a call to delay.

Documentation

SONARKT-218 Update docs to include available analyzer properties and an explanation

False-Positive

SONARKT-202 S1871 should not consider two method calls the same if they're calling different methods with the same name

SONARKT-199 S4830 misses exceptions being thrown in catch clauses

SONARKT-198 FP in S1128 in the presence of packages with the same unqualified name

Improvement

SONARKT-210 Support parsing of Kotlin 1.7 source code

SONARKT-206 Access properties 'sonar.java.binaries' and 'sonar.java.libraries' should be made using 'getStringArray' method

SONARKT-201 Update usage of sonar-plugin-api for libraries and binaries parameters

New Feature

SONARKT-217 Support parallelized generation of the BindingContext

SONARKT-200 Provide OWASP Top 10 2021 security standards for rules metadata

SONARKT-15 Being able to parse the code depending on the Kotlin version

Task

SONARKT-220 Update rules metadata

SONARKT-219 Upgrade external linter definitions

2.9.0

18 Jan 09:15
6ce4392
Release Notes - Analyzer for Kotlin - Version 2.9

Bug

  • [SONARKT-195] - Kotlin compiler crashes during generation of the BindingContext

Task

  • [SONARKT-194] - Add metrics reporting from sonar-analyzer-commons

Improvement

  • [SONARKT-196] - Improve the performance of checks relying on the compiler diagnostics

2.8.0

07 Dec 14:04
133dc6d
Release Notes - Analyzer for Kotlin - Version 2.8

Bug

  • [SONARKT-188] - Highlighting seems off on some regex findings
  • [SONARKT-192] - Scan logs only display "dummy.kt" as filename when there is an exception

Task

Improvement

False-Positive

  • [SONARKT-182] - S1128: FP on imports for annotations, delegates, overloaded operators and annotations
  • [SONARKT-183] - Kotlin compiler reports variables as unused with incomplete semantics
  • [SONARKT-187] - FP Regex issues when using string interpolation

2.7.0

16 Nov 11:16
9ab38ba
Release Notes - Analyzer for Kotlin - Version 2.7

Bug

  • [SONARKT-171] - NoSuchElementException empty list of value parameters when checking for suspending function
  • [SONARKT-186] - Slow analysis speeds due to re-computation of semantics

Task

Improvement

  • [SONARKT-149] - S6300 should cover more methods that write to files

False Negative

  • [SONARKT-164] - S6293: Fix false-negatives for android.hardware.biometrics.BiometricPrompt

2.6.0

04 Nov 14:45
Release Notes - Analyzer for Kotlin - Version 2.6

Bug

  • [SONARKT-172] - IllegalArgumentException in FunMatcher, when inferred return type is intersection
  • [SONARKT-184] - java.lang.IllegalArgumentException in rule S1874 when reporting on Enum constructor call

New Feature

  • [SONARKT-152] - Rule S5842: Regex repetition pattern's body should not match the empty String
  • [SONARKT-153] - Rule S5843: Regular expressions should not be too complicated
  • [SONARKT-154] - Rule S5846: Empty lines should not be tested with regex MULTILINE flag
  • [SONARKT-155] - Rule S5850: Alternatives in regular expressions should be grouped when used with anchors
  • [SONARKT-157] - Rule S5856: Regular expressions should be syntactically valid
  • [SONARKT-158] - Rule S5857: Regular expressions character classes should be preferred over non-greedy quantifiers
  • [SONARKT-161] - Rule S5867: Unicode-aware versions of character classes should be preferred
  • [SONARKT-162] - Rule S5868: Unicode Grapheme Clusters should be avoided inside regex character classes
  • [SONARKT-163] - Rule S5869: Character classes in regular expressions should not contain the same character twice

Task

Improvement

2.5.0

22 Oct 08:46
Release Notes - Analyzer for Kotlin - Version 2.5

New Feature

  • [SONARKT-165] - Rule S4507: Add WebView debug settings
  • [SONARKT-168] - Rule S6362: Enabling JavaScript support for WebViews is security-sensitive
  • [SONARKT-170] - Rule S6363: Enabling file access for WebViews is security-sensitive

Improvement

  • [SONARKT-174] - Rule S5332: support Android WebView insecure mixed content policy