Releases: SonarSource/sonar-dotnet
8.40
Hi everyone,
In the last sprint, we took the time to reduce the noise by addressing some false positives and improving the handling of static local functions.
Special thanks to @Corniel for his contributions to improving our S4581 rule.
You can find the details below:
New Rules
- 5616 - [C#] Rule S4581: Add C# code fix
- 5615 - [VB.NET] Rule S4581: Guid.Empty is preferred for VB.NET
Improvements
- 5674 - Update rule documentation
- 5669 - S138: Exclude local static functions from the sum of lines when they are placed in other methods.
- 5668 - [C#] S3776: Exclude static local functions from complexity computation
- 5666 - [C#, VB.NET] S4159: Add support for System.Composition.ExportAttribute
False Positive
Contributors
Assets 6
8.39
Hi everyone,
In the last sprint, we added support for record structs for the remaining rules.
Improvements
- 5609 - S1192: Add support for record structs
- 5592 - S1450: Add support for record struct
- 5606 - S1939: Add support for record struct
- 5632 - S2257: Add support for record structs
- 5580 - S2326, S3925: Add support for record struct
- 5605 - S2333: Add support for record struct
- 5611 - S2436: Add support for record structs
- 5607 - S2743: Add support for record struct
- 5612 - S3059: Add support for record structs
- 5577 - S3218: Add support for record structs
- 5622 - S3241: Add support for record structs
- 5608 - S3263 Add support for record struct
- 5620 - S3898: Add support for record struct
- 5633 - S3996: Add support for record structs
- 5613 - S4041: Add support for record structs
- 5593 - S4049: Add support for record struct
- 5604 - S4059: Add support for record struct
- 5578 - S4136: Add support for record struct
- 5634 - S5766: Add support for record struct
- 5614 - Update RSPEC before 8.39 release
False Positive
8.38
Hi everyone,
In the last sprint, we improved the performance of some of our rules, added support for record structs (an effort that will continue for the next version), and fixed some false positives (S1172 included) and false negatives.
Special thanks to @dammejed for his contributions to improving our S2187 rule.
Improvements
- 5575 - [C#] S2952: Add support for record structs
- 5574 - [C#] S3903: Add support for record structs
- 5571 - [C#] S100/S101/S3909: Add support for record structs
- 5568 - [C#] S3168, S1200: Add support for record struct
- 5561 - [C#] Rules S3887, S2386: Add support for records and record structs
- 5513 - Update RSPEC before 8.38 release
False Positive
- 5491 - [C#, VB.NET] Fix S1172 FP: Raises randomly under VS context
- 5522 - [C#, VB.NET] Fix S2222 FP: SpinLock.TryEnter followed by nested finally regions
- 4949 - [C#] Fix S1854 FPs: Improve catch block links
- 5564 - [C#] Fix S2187 FP: Support test attributes deriving from
ITestBuilderin NUnit - 5498 - [C#] Rule S3400: FP when using default interface implementation
- 5443 - [C#] S3242 should not suggest change resulting into S4017
- 5428 - [C#] S2252 FP: Rule raises issue in case of non integer value in for loop.
- 5381 - [C#] S1144 FP: using a private record constructor with positional syntax
- 5238 - [C#] Fix S2743 FP: Don't report on static fields which use the type parameter
- 4832 - [C#] Fix S3963 FP: Should not raise for conditional logic
False Negative
Performance
- 4745 - [C#] Rule S110: should support concurrent execution
- 4351 - [C#] Fix S1144 / S4487 perf regression: UnusedPrivateMember
- 4350 - [C#] Fix S1450 performance regression: PrivateFieldUsedAsLocalVariable
- 4349 - [C#] Fix S3971 performance regression: DoNotCallGCSuppressFinalize
- 4220 - [C#, VB.NET] Reduce the number of symbols retrieved by SymbolReferenceAnalyzer
- 3854 - [C#, VB.NET] S3869, S3889, S3902, S3885, S1147, S1215, S3971, S4040 Improve formance: DoNotCallMethodsBase
Contributors
Assets 6
8.37
Hello everyone,
in this release, we've improved the S2222 rule and added it to the SonarWay profile.
We've also enabled concurrency by default. You can opt out by setting SONAR_DOTNET_ENABLE_CONCURRENT_EXECUTION environment variable to false in case you face some issues.
New Features
- 5310 - [C#] Add S2222 to SonarWay profile
- 5074 - [C#, VB.NET] Enable concurrent execution by default
- 5463 - Provide OWASP Top 10 2021 security standards for rules metadata
Improvements
- 5415 - Improve S2222: add tracking for returning values when lock is aquired
- 5419 - Improve S2222: add support for ref parameter lock status tracking
- 5416 - Improve S2222: add support for
IsReadLockHeldandIsWriteLockHeld - 5519 - Improve S2222: add support for
Monitor.IsEntered - 5395 - [C#, VB.NET] Learn constraints on branching in SE
- 5308 - [C#, VB.NET] Support conditional branching in SE
- 5478 - [C#, VB.NET] Support BinaryOperation for Boolean expressions in SE
- 5469 - [VB.NET] Support implicit VB.NET declaration value in SE
- 5459 - Use LVA in the new SE
- 5480 - Support tracking of flow capturing operations in SE
- 5460 - Enable SE SymbolicCheck to return multiple states
- 5502 - Update RSPEC before 8.37 release
checks
False Positive
- 5503 - [C#] Fix S3241 FP: When method is async
- 5457 - [C#] Fix S4226 FP: Should not raise for generated class
- 5451 - [C#] Fix S3459 FP: Flags unassigned fields in serializable classes
False Negative
8.36.1
8.36
Hello everyone,
In the latest sprint, we focused our attention on improving the precision of the new symbolic execution engine and of the S2222 rule, the first one using this new engine. Due to the new architecture, the VB.Net variant was trivial to implement but there is still a bit of work to be done before considering the S2222 rule "mature" enough to be included in the SonarWay profile.
Besides that, we did improve the S1854 performance which was inefficient in some scenarios.
Once again thanks to @Corniel for his contribution.
You can find more details below:
New Rules
Improvements
- 5305 - [C#, VB.NET] Improve S2222: Track SpinLock
- 5304 - [C#, VB.NET] Improve S2222: Track ReaderWriterLockSlim
- 5303 - [C#, VB.NET] Improve S2222: Track ReaderWriterLock
- 5302 - [C#, VB.NET] Improve S2222: Track Mutex
- 5309 - [C#, VB.NET] Track field access on current instance
- 5307 - [C#, VB.NET] Support finally block in SE
- 5306 - [C#, VB.NET] Support branching in Symbolic Execution
- 5380 - [C#, VB.NET] Add symbolic engine support for Boolean constraints
- 5400 - [C#, VB.NET] Reduce IOperationWrapperSonar memory allocations
- 5377 - [C#, VB.NET] Symbolic Execution: Visit each operation max 2 times
- 5375 - [C#, VB.NET] S2222 performance: Improve early bailout logic
- 5346 - Update RSPEC
- 5411 - [C#] Rule S1155: Implement a fix provider for C#
Performance
Contributors
Assets 6
8.35
Hello everyone,
In the latest sprint, we focused our attention on our testing infrastructure and ensured that our rules are tested with the latest versions of .Net Core. Besides that, we added a couple of improvements and did a small performance improvement.
Once again thanks to @Corniel for his contribution.
New Rules
Improvements
- 5333 - Update rule documentation
- 5296 - Rule S2077: add support for Entity Framework Core new overloads
- 5286 - Rule S3415: Add missing assert functions and cleanup
Bug Fixes
- 5334 - [C#, VB.NET] Unable to install or update NuGet package in Visual Studio 2022
False Positive
Performance
- 5321 - [C#] Improve old Symbolic Execution memory consumption
Contributors
Assets 6
8.34
Hello everyone,
With this release, we fixed a bug, added a couple of improvements, and fixed false positives. Additionally, the issue of false negatives when a single analyzer class supports diagnostics for Main and Test code at the same time, was fixed.
Bug Fixes
Improvements
- 5266 - [C#, VB.NET] Use
DocumentBasedFixAllProviderfor all Code Fixes. - 4439 - [C#] Rule S3253: Code fix provider removes trivia for arrow methods.
False Positive
- 3850, 2639, 2270 - [C#] Fix S2259 FPs: when ValidatedNotNullAttribute is used in extension method.
- 5232 - [C#] Fix FP S3459: "Unassigned auto-property" is not actually an auto property.
- 5226 - [C#] Fix FP S3928: "ArgumentException constructor arguments have been inverted" triggered with named parameters.
- 5219 - [C#] Fix S1125 FP: When using nullable booleans in ternary expressions C#9.
- 5160 - [C#] Fix S3260 FP: Should not raise for inherited generic classes.
- 5101 - [C#] Fix S4035 FP:
private Equalsimplementations. - 5032 - [C#] Fix S4507 FP: Relax
env.IsDevelopment();sanitizer. - 5006 - [C#] Fix S3442 FP: Rule should suggest
private protectedinstead ofprotected. - 4945 - [VB.NET] Fix S1542 FP: Don't raise for overridden members and interface implementations.
- 4799 - [C#] S4261: False diagnostic when using generic constraints.
- 4737 - [C#] Fix S109 FP: Named arguments, constructor calls, single-value attributes.
- 4465 - [C#] Fix S1125 FP: Using ternary operator and throw expressions.
- 4370 - [C#, VB.NET] Fix S927 FP: Do not raise an issue when generic type arguments names are changed to reflect the actual type they represent.
- 4339 - [C#] Fix S4275 FPs: Related to logical operator assignment and field selection.
- 3453 - [C#] Fix S3906 FP: Implementing interface from 3rd party.
False Negative
- 5173 - Support mixed scopes in a single analyzer class.
8.33
Hello everyone,
With this release, we improved our support for top-level statements fixing a few false positives and negatives.
Special thanks to @Corniel for his contributions to improving our S3981 rule.
Improvements
- 5137 - [C#] Ensure MethodDeclarationTracker can correctly report file level issues
- 5129 - [C#] Rule S4823: check also top level statements
- 5127 - [C#] Rule S138: check top level local function individually
- 5125 - [C#] Rule S2930: Remove duplicate issues when in top-level statements.
- 5113 - [C#] Rule S1192: Introduce support for top level statements
- 5112 - [C#] Rule S3241: add support for top-level statements
- 5110 - [C#] Rule S2436: add support for local functions
- 5107 - [C#] Rule S4144: support for top-level statements
- 5105 - [C#] Rule S138: check size of top level method body
- 5103 - [C#] Rule S1199: Introduce support for top level statements
- 5099 - [C#] Rule S1541: Introduce support for top level statements
- 5096 - [C#] Rule S3776: Introduce support for top level statements
- 5091 - [C#] Rule S134: check nesting for global statements
- 5085 - [C#] Rule S1186: check also the local functions
- 5081 - [C#] Rule S1144: remove duplicate issues in top level statements
- 5069 - [C#] Rule S2760: Detects when same condition is used in top level statements
- 5066 - [C#] Rule S4462: FP when in top level statement.
- 5056 - [C#] Rule S3928: Introduce support for top level statements
- 5003 - [C#] Rule S1905 reports false positive with
OfTypeand nullable types - 5109 - [VB.NET] Count
ElseIfas executable line metric for VB.NET
Performance
- 5120 - [C#] Improve analyzer performance when no SE rule is active
Contributors
Assets 6
8.32
Hello everyone,
this is a small hardening release in which we fixed 2 bugs, a couple of FPs, and one FN. You can find the list below.
Special thanks to @Corniel for fixing an FP for rule S3903 (support for file scoped namespaces)!
Bug Fixes
- 5023 - [C#] Rule S4830: InvalidOperationException thrown by CertificateValidationCheck
- 4808 - [C#] Could not load file or assembly 'System.Security.Permissions..' when building projects with
dotnet
False Positive
- 4983 - Rule S3260: FP does not detect if the class is inherited by a sub-class
- 5027 - Rule S3260: FP when private class has a virtual member
- 4731 - Rule S3903: False Positive when using File Scoped namespaces.
- 4264 - [C#] Rule S1121: FP when
IsPatternsyntax is used