Skip to content

9.6
Compare
Choose a tag to compare
@SonarTech SonarTech released this 25 Jul 13:54
9.6.0.74858
1366be8
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

This release introduces 3 new security-related rules for VB.NET and improves the precision of their existing C# versions by migrating them to the new symbolic execution engine.
This version also includes a new code fix and fixes for false negative issues.
Kudos to @Corniel for his contribution by implementing a codefix for S125 (#313)

New Rules

  • 7560 - [VB.NET] New rule S2053: Hashes should include an unpredictable salt
  • 7562 - [VB.NET] New rule S3329: Cipher Block Chaining IVs should be unpredictable
  • 7565 - [VB.NET] New Rule S5773: Types allowed to be deserialized should be restricted

Improvements

  • 7424 - [VB.NET] Merge rule S2373 onto S119 (S2373 is now deprecated)
  • 313 - [C#] Rule S125: Add a code fix to remove the commented code

False Negative

  • 7617 - [C#, VB.NET] Fix S2053 FN: Encoding.GetBytes
  • 7547 - [C#, VB.NET] Fix S6588 FN: Rule should cover case with epoch ticks

Contributors

Corniel
Assets 6
Loading