Update RSPEC for release (#6762)

analyzers/rspec/cs/S2198_c#.html

@@ -1,18 +1,14 @@
 <p>Certain mathematical comparisons will always return the same value, and should simply not be made.</p>
-<p>This comparison will always return <code>false</code>:</p>
+<p>These comparisons will return either always <code>true</code> or always <code>false</code> depending on the kind of comparison:</p>
 <ul>
-  <li> comparing a <code>float</code> with a <code>double</code> constant that’s outside the <code>float</code> range </li>
-</ul>
-<p>These will always return <code>true</code>:</p>
-<ul>
-  <li> comparing <code>aByte &lt;= Byte.MaxValue</code> and <code>aByte &gt;= Byte.MinValue</code> </li>
-  <li> comparing <code>anInt &lt;= int.MaxValue</code> and <code>anInt &gt;= int.MinValue</code> </li>
-  <li> comparing <code>aLong &lt;= long.MaxValue</code> and <code>aLong &gt;= long.MinValue</code> </li>
+  <li> Comparing a <code>char</code> with a numeric constant that is outside of the range of <code>char</code>. </li>
+  <li> Comparing a <code>float</code> with a numeric constant that is outside of the range of <code>float</code>. </li>
+  <li> Comparing a <code>long</code> with a numeric constant that is outside of the range of <code>long</code>. </li>
+  <li> Comparing a <code>ulong</code> with a numeric constant that is outside of the range of <code>ulong</code>. </li>
 </ul>
 <h2>Noncompliant Code Example</h2>
 <pre>
 float f = 42.0f;
-const double d = float.MaxValue + 1;
-if (f &lt;= d) { } // Noncompliant
+if (f &lt;= double.MaxValue) { } // Noncompliant
 </pre>
 

analyzers/rspec/cs/S3063_c#.html

@@ -1,37 +1,43 @@
-<p><code>StringBuilder</code> instances that are <code>append</code>ed but never <code>toString</code>ed needlessly clutter the code, and worse are a
-drag on performance. Either they should be removed, or the missing <code>toString</code> call added.</p>
+<p><code>StringBuilder</code> instances that never build a <code>string</code> clutter the code and worse are a drag on performance. Either they
+should be removed, or the missing <code>ToString()</code> call should be added.</p>
 <h2>Noncompliant Code Example</h2>
 <pre>
-public void doSomething(List&lt;string&gt; strings) {
-  StringBuilder sb = new StringBuilder();  // Noncompliant
+public void DoSomething(List&lt;string&gt; strings) {
+  var sb = new StringBuilder();  // Noncompliant
   sb.Append("Got: ");
-  foreach(string str in strings) {
+  foreach(var str in strings) {
     sb.Append(str).Append(", ");
     // ...
   }
 }
 </pre>
 <h2>Compliant Solution</h2>
 <pre>
-public void doSomething(List&lt;string&gt; strings) {
-  foreach(string str in strings) {
+public void DoSomething(List&lt;string&gt; strings) {
+  foreach(var str in strings) {
     // ...
   }
 }
 </pre>
 <p>or</p>
 <pre>
-public void doSomething(List&lt;string&gt; strings) {
-  StringBuilder sb = new StringBuilder();  // Noncompliant
+public void DoSomething(List&lt;string&gt; strings) {
+  var sb = new StringBuilder();
   sb.Append("Got: ");
-  foreach(string str in strings) {
+  foreach(var str in strings) {
     sb.Append(str).Append(", ");
     // ...
   }
-  _logger.LogInformation(sb.toString, DateTimeOffset.UtcNow);
+  logger.LogInformation(sb.ToString());
 }
 </pre>
 <h2>Exceptions</h2>
-<p>This rule ignores <code>StringBuilder</code>s that are passed as method arguments on the grounds that they are likely <code>toString</code>ed
-there.</p>
+<p>No issue is reported when <code>StringBuilder</code> is:</p>
+<ul>
+  <li> Accessed through <code>sb.CopyTo()</code>, <code>sb.GetChunks()</code>, <code>sb.Length</code>, or <code>sb[index]</code>. </li>
+  <li> Passed as a method argument, on the grounds that it will likely be accessed through a <code>ToString()</code> invocation there. </li>
+  <li> Passed in as a parameter to the current method, on the grounds that the callee will materialize the string. </li>
+  <li> Retrieved by a custom function (<code>var sb = GetStringBuilder();</code>). </li>
+  <li> Returned by the method. </li>
+</ul>
 

analyzers/rspec/cs/S3878_c#.html

@@ -1,31 +1,31 @@
-<p>There’s no point in creating an array solely for the purpose of passing it as a params (<code>...</code>) argument; params keyword allow to pass a
-variable number of parameters that will behave exactly like an array variable inside the method implementation. Simply pass the elements directly.</p>
+<p>There’s no point in creating an array solely for the purpose of passing it to a <code>params</code> parameter. Simply pass the elements directly.
+They will be consolidated into an array automatically.</p>
 <h2>Noncompliant Code Example</h2>
 <pre>
-public void CallTheThing() {
-	//...
-	DoTheThing(new string[] { "s1", "s2"});  // Noncompliant: unnecessary
-	DoTheThing(new string[12]);  // Compliant
-	// ...
+public void Base()
+{
+    Method(new string[] { "s1", "s2" }); // Noncompliant: unnecessary
+    Method(new string[] { });            // Noncompliant
+    Method(new string[12]);              // Compliant
 }
 
-public void DoTheThing (params string[] args) {
-	// ...
+public void Method(params string[] args)
+{
+    // ...
 }
 </pre>
 <h2>Compliant Solution</h2>
 <pre>
-public void CallTheThing()
+public void Base()
 {
-	//...
-	DoTheThing("s1", "s2");
-	DoTheThing(new string[12]);
-	// ...
+    Method("s1", "s2");
+    Method();
+    Method(new string[12]);
 }
 
-public void DoTheThing(params string[] args)
+public void Method(params string[] args)
 {
-	// ...
+    // ...
 }
 </pre>
 

analyzers/rspec/cs/S3937_c#.html

@@ -3,9 +3,16 @@
 <p>This rule raises an issue when underscores (<code>_</code>) are used to break a number into irregular subgroups.</p>
 <h2>Noncompliant Code Example</h2>
 <pre>
-int duos = 1_00_00;
-int million = 1_000_00_000;  // Noncompliant
+int thousand = 100_0;
+int tenThousand = 100_00;
+int million = 1_000_00_000;
+</pre>
+<h2>Compliant Solution</h2>
+<pre>
 int thousand = 1000;
-int tenThousand = 100_00;  // Noncompliant
+int tenThousand = 10_000;
+int tenThousandWithout = 10000;
+int duos = 1_00_00;
+int million = 100_000_000;
 </pre>
 

analyzers/rspec/cs/S4507_c#.html

@@ -1,19 +1,14 @@
-<p>Delivering code in production with debug features activated is security-sensitive. It has led in the past to the following vulnerabilities:</p>
-<ul>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999007">CVE-2018-1999007</a> </li>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5306">CVE-2015-5306</a> </li>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006">CVE-2013-2006</a> </li>
-</ul>
-<p>An application’s debug features enable developers to find bugs more easily and thus facilitate also the work of attackers. It often gives access to
-detailed information on both the system running the application and users.</p>
+<p>Development tools and frameworks usually have options to make debugging easier for developers. Although these features are useful during
+development, they should never be enabled for applications deployed in production. Debug instructions or error messages can leak detailed information
+about the system, like the application’s path or file names.</p>
 <h2>Ask Yourself Whether</h2>
 <ul>
   <li> The code or configuration enabling the application debug features is deployed on production servers or distributed to end users. </li>
   <li> The application runs by default with debug features activated. </li>
 </ul>
 <p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
-<p>Do not enable debug features on production servers.</p>
+<p>Do not enable debugging features on production servers.</p>
 <p>The .Net Core framework offers multiple features which help during debug.
 <code>Microsoft.AspNetCore.Builder.IApplicationBuilder.UseDeveloperExceptionPage</code> and
 <code>Microsoft.AspNetCore.Builder.IApplicationBuilder.UseDatabaseErrorPage</code> are two of them. Make sure that those features are disabled in

analyzers/rspec/cs/S4663_c#.html

@@ -3,14 +3,12 @@ <h2>Noncompliant Code Example</h2>
 <pre>
 //
 
+/*
+*/
+
 ///
 
 /**
-
- */
-
-/*
-
- */
+*/
 </pre>
 

analyzers/rspec/vbnet/S3063_vb.net.html

@@ -1,9 +1,9 @@
-<p><code>StringBuilder</code> instances that are <code>append</code>ed but never <code>toString</code>ed needlessly clutter the code, and worse are a
-drag on performance. Either they should be removed, or the missing <code>toString</code> call added.</p>
+<p><code>StringBuilder</code> instances that never build a <code>string</code> clutter the code and worse are a drag on performance. Either they
+should be removed, or the missing <code>ToString()</code> call should be added.</p>
 <h2>Noncompliant Code Example</h2>
 <pre>
-Public Sub doSomething(ByVal strings As List(Of String))
-    Dim sb As StringBuilder = New StringBuilder()
+Public Sub DoSomething(ByVal strings As List(Of String))
+    Dim sb As StringBuilder = New StringBuilder() ' Noncompliant
     sb.Append("Got: ")
 
     For Each str As String In strings
@@ -13,25 +13,31 @@ <h2>Noncompliant Code Example</h2>
 </pre>
 <h2>Compliant Solution</h2>
 <pre>
-Public Sub doSomething(ByVal strings As List(Of String))
+Public Sub DoSomething(ByVal strings As List(Of String))
     For Each str As String In strings
     Next
 End Sub
 </pre>
 <p>or</p>
 <pre>
-Public Sub doSomething(ByVal strings As List(Of String))
+Public Sub DoSomething(ByVal strings As List(Of String))
     Dim sb As StringBuilder = New StringBuilder()
     sb.Append("Got: ")
 
     For Each str As String In strings
         sb.Append(str).Append(", ")
     Next
 
-    My.Application.Log.WriteEntry(sb.toString)
+    My.Application.Log.WriteEntry(sb.ToString())
 End Sub
 </pre>
 <h2>Exceptions</h2>
-<p>This rule ignores <code>StringBuilder</code>s that are passed as method arguments on the grounds that they are likely <code>toString</code>ed
-there.</p>
+<p>No issue is reported when <code>StringBuilder</code> is:</p>
+<ul>
+  <li> Accessed through <code>sb.CopyTo()</code>, <code>sb.GetChunks()</code>, <code>sb.Length</code>, or <code>sb(index)</code>. </li>
+  <li> Passed as a method argument, on the grounds that it will likely be accessed through a <code>ToString()</code> invocation there. </li>
+  <li> Passed in as a parameter to the current method, on the grounds that the callee will materialize the string. </li>
+  <li> Retrieved by a custom function (<code>Dim sb As StringBuilder = GetStringBuilder()</code>). </li>
+  <li> Returned by the method. </li>
+</ul>
 

analyzers/rspec/vbnet/S3878_vb.net.html

@@ -1,30 +1,29 @@
-<p>There’s no point in creating an array solely for the purpose of passing it as a ParamArray (<code>...</code>) argument; ParamArray keyword allow to
-pass a variable number of parameters that will behave exactly like an array variable inside the method implementation. Simply pass the elements
-directly.</p>
+<p>There’s no point in creating an array solely for the purpose of passing it to a <code>ParamArray</code> parameter. Simply pass the elements
+directly. They will be consolidated into an array automatically.</p>
 <h2>Noncompliant Code Example</h2>
 <pre>
 Class SurroundingClass
-	Public Sub CallTheThing()
-		DoTheThing(New String() {"s1", "s2"})
-		DoTheThing(New String(11) {})
-	End Sub
+    Public Sub Base()
+        Method(New String() { "s1", "s2" }) ' Noncompliant: unnecessary
+        Method(New String(12) {}) ' Compliant
+    End Sub
 
-	Public Sub DoTheThing(ParamArray args As String())
-		' Do something
-	End Sub
+    Public Sub Method(ParamArray args As String())
+        ' Do something
+    End Sub
 End Class
 </pre>
 <h2>Compliant Solution</h2>
 <pre>
 Class SurroundingClass
-	Public Sub CallTheThing()
-		DoTheThing("s1", "s2")
-		DoTheThing(New String(11) {})
-	End Sub
+    Public Sub Base()
+        Method("s1", "s2")
+        Method(New String(12) {})
+    End Sub
 
-	Public Sub DoTheThing(ParamArray args As String())
-		' Do something
-	End Sub
+    Public Sub Method(ParamArray args As String())
+        ' Do something
+    End Sub
 End Class
 </pre>
 

analyzers/rspec/vbnet/S4507_vb.net.html

@@ -1,19 +1,14 @@
-<p>Delivering code in production with debug features activated is security-sensitive. It has led in the past to the following vulnerabilities:</p>
-<ul>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999007">CVE-2018-1999007</a> </li>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5306">CVE-2015-5306</a> </li>
-  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006">CVE-2013-2006</a> </li>
-</ul>
-<p>An application’s debug features enable developers to find bugs more easily and thus facilitate also the work of attackers. It often gives access to
-detailed information on both the system running the application and users.</p>
+<p>Development tools and frameworks usually have options to make debugging easier for developers. Although these features are useful during
+development, they should never be enabled for applications deployed in production. Debug instructions or error messages can leak detailed information
+about the system, like the application’s path or file names.</p>
 <h2>Ask Yourself Whether</h2>
 <ul>
   <li> The code or configuration enabling the application debug features is deployed on production servers or distributed to end users. </li>
   <li> The application runs by default with debug features activated. </li>
 </ul>
 <p>There is a risk if you answered yes to any of those questions.</p>
 <h2>Recommended Secure Coding Practices</h2>
-<p>Do not enable debug features on production servers.</p>
+<p>Do not enable debugging features on production servers.</p>
 <p>The .Net Core framework offers multiple features which help during debug.
 <code>Microsoft.AspNetCore.Builder.IApplicationBuilder.UseDeveloperExceptionPage</code> and
 <code>Microsoft.AspNetCore.Builder.IApplicationBuilder.UseDatabaseErrorPage</code> are two of them. Make sure that those features are disabled in

analyzers/src/SonarAnalyzer.CSharp/sonarpedia.json

@@ -3,5 +3,5 @@
   "languages": [
     "CSH"
   ],
-  "latest-update": "2023-01-27T09:06:22.842339300Z"
+  "latest-update": "2023-02-16T13:29:06.541771900Z"
 }

analyzers/src/SonarAnalyzer.VisualBasic/sonarpedia.json

@@ -3,5 +3,5 @@
   "languages": [
     "VBNET"
   ],
-  "latest-update": "2023-01-27T09:06:56.299025700Z"
+  "latest-update": "2023-02-16T13:29:34.979573400Z"
 }