Releases: SonarSource/sonar-dotnet
Releases · SonarSource/sonar-dotnet
7.11
New Rules
- 2062 - [VB.NET] Rule S126: "if ... else if" constructs should end with "else" clauses
- 2061 - [VB.NET] Rule S1125: Boolean literals should not be redundant
- 2060 - [VB.NET] Rule S1151: 'Select...Case' clauses should not have too many lines of code
- 2059 - [VB.NET] Rule S1145: Useless "if(true) {...}" and "if(false){...}" blocks should be removed
- 2058 - [VB.NET] Rule S107: Functions should not have too many parameters
- 2056 - [VB.NET] Rule S1110: Redundant parentheses should be removed
- 2055 - [VB.NET] Rule S2234: Parameters should be passed in the correct order
- 2054 - [VB.NET] Rule S1066: Collapsible "if" statements should be merged
- 2053 - [VB.NET] Rule S1172: Unused function parameters should be removed
- 2051 - [VB.NET] Rule S138: Procedures should not have too many lines of code
- 2047 - [VB.NET] Rule S108: Nested blocks of code should not be left empty
- 2042 - [VB.NET] Rule S1134: Track uses of "FIXME"
- 2041 - [VB.NET] Rule S1135: Track uses of "TODO"
Improvements
7.10
Improvements
- 2046 - SonarVB: Feed Cognitive Complexity metric
- 2044 - SonarVB: Feed metric 'executable_lines_data' when SQ >= 6.2
- 2202 - Update S2436: Rule should handle struct and interface types
- 2182 - Update S4039: protected members should not generate issues
- 2173 - Update all syntax walkers usages to be safe toward too big methods/classes
- 2169 - Update S1144: documentation should include all exceptions from the rule
- 2132 - TypeHelper.IsMatch should check OriginalDefinition as well to work with generics
- 2024 - Update S1144: Fade out / Dim code insteadof highlighting the full member
- 2196 - Fix S3937: FP for numbers with type suffixes (i.e. 1_000_000UL)
- 2161 - Fix S4069: Add more alternative names for operators
- 2123 - Update S1200: Rule should ignore 'nameof()' references
- 2043 - SonarVB: Compute public API metrics and public undocumented metrics
- 2219 - Update S2930: update message to correspond the RSPEC declaration
- 2217 - Update S1751: Update message and RSPEC metadata
- 2214 - Update S2551: Update message and RSPEC metadata
- 2213 - Update S3330: Rule should be in SonarWay
- 2212 - Update S2092: Rule should be in SonarWay
- 2211 - Update S1313: Rule should be in SonarWay
Bug Fixes
- 2203 - Fix S1144: Do not keep references to all type symbols
- 2192 - Fix plugin: Roslyn external issues can contain invalid locations
- 2191 - Fix S1192: Rule should display string as defined in the source code
- 2187 - SonarVB appears into 2 sections under the SQ admin page
- 2176 - Variable assignment are not counted as executable lines of code in VB
- 2172 - Cognitive complexity increment is not increasing for nested loops in VB
- 2151 - Fix Cognitive Complexity Metric for recursions
- 2144 - Undocumented public API metric should count only documentation comments
- 2130 - Fix S2699: Rule doesn't raise when the code contains any invocation
- 2117 - Fix S1144: AD0001 - System.InvalidCastException
- 2115 - AD0001 when analyzing lucene.net
- 2025 - Plugin should support C# and VB.NET pointing to the same coverage report
7.9.1
7.9
New C# Rules
- 1993 - Rule S4792: Configuring loggers is security-sensitive
- 1992 - Rule S4834: Controlling permissions is security-sensitive
- 1991 - Rule S4529: Exposing HTTP endpoints is security-sensitive
- 1990 - Rule S4507: Delivering code in production with debug features activated is security-sensitive
- 1989 - Rule S4829: Reading the Standard Input is security-sensitive
- 1988 - Rule S2077: Executing SQL queries is security-sensitive
- 1987 - Rule S1523: Dynamically executing code is security-sensitive
- 1986 - Rule S4823: Using command line arguments is security-sensitive
- 1985 - Rule S4818: Using Sockets is security-sensitive
- 1984 - Rule S4790: Hashing data is security-sensitive
- 1983 - Rule S3011: Changing or bypassing accessibility is security-sensitive
- 1982 - Rule S4825: Sending HTTP requests is security-sensitive
- 1981 - Rule S4817: Executing XPath expressions is security-sensitive
- 1980 - Rule S4787: Encrypting data is security-sensitive
- 1979 - Rule S4797: Handling files is security-sensitive
- 1978 - Rule S4721: Executing OS commands is security-sensitive
- 1905 - Rule S4784: Using regular expressions is security-sensitive
New VB.NET Rules
- 1993 - Rule S4792: Configuring loggers is security-sensitive
- 1992 - Rule S4834: Controlling permissions is security-sensitive
- 1991 - Rule S4529: Exposing HTTP endpoints is security-sensitive
- 1990 - Rule S4507: Delivering code in production with debug features activated is security-sensitive
- 1989 - Rule S4829: Reading the Standard Input is security-sensitive
- 1988 - Rule S2077: Executing SQL queries is security-sensitive
- 1987 - Rule S1523: Dynamically executing code is security-sensitive
- 1986 - Rule S4823: Using command line arguments is security-sensitive
- 1985 - Rule S4818: Using Sockets is security-sensitive
- 1984 - Rule S4790: Hashing data is security-sensitive
- 1983 - Rule S3011: Changing or bypassing accessibility is security-sensitive
- 1982 - Rule S4825: Sending HTTP requests is security-sensitive
- 1981 - Rule S4817: Executing XPath expressions is security-sensitive
- 1980 - Rule S4787: Encrypting data is security-sensitive
- 1979 - Rule S4797: Handling files is security-sensitive
- 1978 - Rule S4721: Executing OS commands is security-sensitive
- 1905 - Rule S4784: Using regular expressions is security-sensitive
- 1842 - Rule S2255: Using cookies is security-sensitive
Improvements
7.8
Improvements
False Positive
- 1964 - Fix S3427: Rule should not generated FPs for generic parameters
- 1914 - Fix S1450: Do not report fields that are read and written in the same expression bodied member
- 1906 - Fix S1450: False positive when using += operator
- 1875 - Fix S4261: rule should not report for MVC controller methods
- 1874 - Fix S2701: rule should ignore bool? assertions
- 1841 - Fix S1449: Rule should not report for objects when ToUpper is inside expression
- 1839 - Update S2325: should not report methods in classes that inherit from System.Web.HttpApplication
- 1820 - Fix S1450: false positive on expression body property
False Negative
7.7
7.6
Improvements
- 1852 - Update SonarC# and VB documentation to cover uploading issues for all Roslyn analzyers
- 1825 - Update SonarC# to allow import of other roslyn issues
- 1920 - Security Hotspots rules should only be displayed on SonarQube/SonarCloud
Bug Fixes
- 1891 - Fix plugin to use newer version of protobuf
- 1867 - Fix S3928: Rule should not throw NullReferenceException for ArgumentNullException with null parameter name
- 1804 - Fix S3881: Rule throws AD0001 with SyntaxTree not part of the compilation
- 1857 - Fix S4143: False positive when incrementing key using ++ operator
- 1851 - Fix S3457: should not report for Debug.WriteLine(message, category)
- 1847 - Fix S3168: Rule should ignore MSTest V1 cleanup and initialize attributes
- 1845 - Fix S4586: false positive with local function
- 1843 - Fix S4049: Do not raise issue when method is async or return Task/Task/ValueTask
- 1840 - Fix S3257: should not recommend removing explicit type for multidimensional array
- 1819 - Fix S4457: False positive when ArgumentException thrown after awaited call
7.5
New Rules
Improvements
- 1812 - Deprecate S2228 in favor of S106
- 1798 - Update S1854: Dead stores should allow initialization with default()
- 1780 - Improve debug logging when importing code coverage and test coverage
- 1775 - Add support for switch statements pattern matching in CFG
- 1774 - Update S3253: Rule should handle ExpressionBody
- 1773 - Update S3626: Rule should handle ExpressionBody
- 1767 - Update S1172: Rule should handle ExpressionBody
- 1764 - Update S1185: Rule should handle ExpressionBody
- 1763 - Update S3604: Rule should handle ExpressionBody
- 1761 - Update S3052: Rule should handle ExpressionBody
- 1758 - Update S3963: Rule should handle ExpressionBody
- 1754 - Update S2326: Rule should handle ExpressionBody
- 1752 - Update S2292: Rule should handle ExpressionBody
- 1751 - Update metrics to handle ExpressionBody
- 1746 - Update S1144: Rule should handle ExpressionBody
- 1743 - Update Symbolic Execution Engine: Run rules on ExpressionBody
- 1739 - Update S2325: Rule should handle ExpressionBody
- 1737 - Update S3880: Rule should handle ExpressionBody
- 1734 - Update S2365: Rule should handle ExpressionBody
- 1733 - Update S138: Rule should handle ExpressionBody
- 1728 - Update S3881: Rule should handle ExpressionBody
- 1727 - Update S4005: Rule should handle ExpressionBody
- 1726 - Update S3997: Rule should handle ExpressionBody
Bug Fixes
- 1824 - SonarC# NPE with SonarLint for VS connected mode
- 1801 - Create BrancBlock for "case null" sections to avoid exceptions in the exploded graph
- 1791 - Module and file level issues are not de-duplicated correctly
- 1789 - Module levels issues are not reported correctly
- 1799 - Fix S1854: False Positive when variable initialized with -1 or +1
7.4
Improvements
- #1195 - Fix S1144: Issues is raised while method is being used (DebuggerDisplayAttribute)
- #1225 - Fix S1144: False Positive on Inner Classes
- #1398 - S1144 False positive for protected ctor
- #1434 - Rule S4150: False positive on field used in switch block
- #1448 - S1450: false negative for fields used in expression bodies
- #1449 - S1450 not appearing in VS2015 IDE
- #1460 - Update S3881: Rule should allow abstract IDisposable implementations
- #1486 - Fix S2187: does not report for test classes with only assembly-related attributes
- #1491 - Fix S3887: Rule should not report when field is readonly and initialized with immutable type in ctor
- #1498 - Test method detection code is not consistent across rules
- #1529 - "Fields should not have public accessibility" should not run against structs
- #1536 - S1450 "Private fields only used as local variables in methods should become local variables" not triggered by rule sample
- #1537 - Fix S3242: Rule should not suggest base type for virtual methods
- #1543 - S3400: Don't raise issue for virtual methods
- #1553 - Fix S4226: False positive for interfaces
- #1562 - Populate Security Standards data for Security Hotspots and Vulnerabilities rules
- #1563 - Change "Message" of Security Hotspot issues
- #158 - Fix S1450: Rule should not raise an issue when methods call each other
- #1586 - Fix S1075: Rule should not report on virtual path for asp.net
- #1588 - Adjust the "message" of S2245 because RSPEC-2245 is now a Security Hotspot
- #159 - Fix S1144: Unused private members should not report false positives with Unity classes
- #1593 - Fix S4049: GetEnumerator should be white-listed
- #1596 - Stop feeding the comment_lines_data metric
- #1607 - Fix S1450: Implement robust detection whether a local field could be converted to a local variable
- #1608 - Update S2551: rule should be enabled by default (Sonar way)
- #1609 - Update S3963: rule should be enabled by default (Sonar way)
- #1610 - Fix S3242: Rule should not suggest base type resulting in inconsistent accessibility (bis)
- #1623 - Update S1144: Develop robust mechanism to detect when a class member is unused
- #1638 - Add a warning to notify user that no coverage report file was found for the given pattern
- #1643 - Fix S4143: False Positive when variable is reassigned
- #1644 - Fix S4261: False positive on async Main
- #1649 - Fix the executable lines of code count to ignore attributes
- #1658 - Update S4261: Default severity should be Code Smell
- #1660 - Update S4524: Rule should be in the default quality profile (SonarWay)
- #1661 - Update S2255: Rule should be in the default quality profile (SonarWay)
- #1662 - Update S2245: Rule should be in the default quality profile (SonarWay)
- #1667 - Update S4524: metadata needs to be updated
- #1669 - Fix S1226: rule doesn't detect correctly that param was read before being assigned
- #1670 - Deprecate S2758 in favor of S3923
- #1673 - Update S1764: update rule metadata
- #1675 - Update S2259: documentation should include ability to use ValidatedNotNull attribute
- #1686 - Legacy Xunit test projects are not recognized as test projects
- #1687 - Fix S2699: handle skipped XUnit Theory tests
- #1688 - Fix S2699: handle all test method types for supported test frameworks
- #1691 - Fix S3433: handle all test method types for supported test frameworks
- #1693 - Fix S2386: Rule should handle effective accessiblity
- #1694 - Fix S3887: Rule should handle effective accessiblity
- #1695 - Fix S3887: Rule should not raise for uninitialized readonly fields
- #1705 - Fix S1607: : handle all test method types for supported test frameworks
- #1710 - Fix S2699: handle all test method types for supported test frameworks
- #1711 - Update S2971: Rule should not only suggest to remove call to ToList or ToArray
- #182 - Fix 1450: False positive in VS2017 but not VS2015
- #505 - Fix S2386: Rule should not report when field is readonly and ...
- #904 - Fix S1144: rule should not report false positives with constants
