Releases: SonarSource/sonar-dotnet
Releases · SonarSource/sonar-dotnet
9.25
Hello everyone,
This release comes with seven new rules for ASP.NET core alongside some improvements.
Enjoy!
New Rules
- 9096 - [C#] New Rule S6966: Awaitable method should be used
- 9095 - [C#] New Rule S6967: ModelState.IsValid should be called in controller actions
- 9094 - [C#] New Rule S6964: The value type properties of a model class should be nullable or marked as "Required" to avoid under-posting.
- 9093 - [C#] New rule S6968: Actions that return a value should be annotated with ProducesResponseTypeAttribute containing the return type
- 9092 - [C#] New rule S6965: You should use HttpAttribute in API controller actions
- 9091 - [C#] New rule S6962: You should pool HTTP connections with HttpClientFactory
- 9089 - [C#] New rule S6960: Controllers should not have too many responsibilities
Bug Fixes
False Positive
Improvements
Rule deprecations and deletions
9.24
Hey everyone,
This release contains one new ASP.NET Rule (S6961) and several general improvements and fixes. Enjoy!
Improvements
- 9090 - [C#] New rule S6961 for C#: API Controllers should derive from ControllerBase instead of Controller
- 8696 - Fix coverage aggregation from multiple reports
- 9048 - Create SonarAnalyzer.CSharp.Styling project
- 7774 - [C#, VB.NET] Fix S1144: Nested type constructor accessibility is wrong in the rule message
- 8980 - Update RSPEC before 9.24 release
Bug Fixes
- 9113 - [C#, VB.NET] AD0001: ArgumentNullException in SymbolicExecutionRunner
- 8977 - [C#] CfgAllPathValidator AreAllSuccessorsValid Stack Overflow on Windows and error MSB6006 in Linux Codespaces
False Positive
- 9063 - [C#, VB.NET] Fix S2094 FP: Should not raise for messages
- 9062 - [C#, VB.NET] Fix S2094 FP: Documentation using the DefaultDocumentation package
- 7591 - [C#, VB.NET] Fix S2094 FP: Implicit parameterless constructor widens the scope of the base class constructor
- 8163 - [C#, VB.NET] Fix S3878 FP: Jagged arrays
False Negative
9.23.2
Hello, everyone!
Today we are doing a bug fix release that also addresses a couple of false positives. We deprecated VB support for S6931 and removed the rule from the "Sonar Way" quality profile for VB.
Special thanks to @Corniel for fixing #9019!
Bug fix
Improvements
- 9075 - Update RSPEC before 9.23.2 release
False Positive
Contributors
Corniel
Assets 6
9.23.1
9.23
Hello everyone!
This release comes with two new rules for ASP.NET, false positive fixes, and other improvements.
A big thank you to @Corniel for their external contribution with #8898!
New Rules
- 8872 - [C#] New rule S6934: You should specify the RouteAttribute when an HttpMethodAttribute is specified at an action level
- 8870 - [C#, VB.NET] New rule S6931: ASP.NET controller actions should not have a route template starting with "/"
False Positives
- 8898 - [C#] Fix S3993 FP: Allow abstract attributes not to decorate Attribute usage
- 8510 - [C#] Fix S3878 FP: When the input array is a collection expression with the spread operator
- 8260 - [C#] Fix S1117 FP: Field/property instances are not accessible from static methods
- 7709 - [C#] Fix S2094 FP: Marker interface not detected when using records
- 6633 - [C#] Fix S2857 FP: Rule is not checking SQL keywords in const interpolated string
Other improvements and fixes
Contributors
Corniel
Assets 6
9.22
New Rules
- 8869 - [C#, VB.NET] New rule S6930: Backslash should be avoided in route templates
- 8844 - [C#] New rule S3416: Loggers should be named for their enclosing types
- 8840 - [C#] New rule S6675: Trace.WriteLineIf should not be used with TraceSwitch levels
- 8847 - [C#] New rule S2139: Exceptions should be either logged or rethrown but not both
- 8845 - [C#] New rule S6664: Too many logging calls within a code block
- 8843 - [C#] New rule S6672: Generic logger injection should match enclosing type
- 8842 - [C#] New rule S6669: Logger field names should comply with a naming convention
- 8841 - [C#] New rule S6670: Trace.Write and Trace.WriteLine should not be used
- 8769 - [C#] New rule S6673: Log message template placeholders should be in the right order
- 8846 - [C#] New rule S1312: Logger fields should be
private static readonly[Non-SonarWay]
False Positive
9.21
New Rules
- 8771 - [C#] New rule S6678: Use PascalCase for named placeholders
- 8770 - [C#] New rule S6674: Log message template should be syntactically correct
- 8768 - [C#] New rule S2629: Logging templates should be constant
- 8767 - [C#] New rule S6677: Named placeholders should be unique
- 8766 - [C#] New rule S6667: Exceptions should be passed as an argument when logging in a catch clause
- 8765 - [C#] New rule S6668: Logging arguments should be passed to the correct parameter
Improvements
- The following rules were promoted to the SonarWay profile: S127, S1244, S1696, S1192, S1994, S2701, S2955
Bug Fixes
- 8787 - [C#] Fix AD0001: SonarAnalyzer.Rules.CSharp.SymbolicExecutionRunner throws an exception on unknown Numeric Constraints
False Positive
9.20
Hey everyone!
This release brings a vast number of improvements. The main focus lies on improving the capabilities of our Symbolic Execution engine, which results in much more accurate findings. The biggest visible impact is a significant reduction in false positives around loops for the rules S2583 and S2589.
And a big thank you to @rcatley for their external contribution!
Bug Fixes
- 8642 - [C#] Exception in
SonarAnalyzer.Rules.CSharp.SymbolicExecutionRunner
False Positive
- 8678 - [C#, VB.NET] Fix S2583 FP: Variable Updated in Catch Block
- 8028 - [C#, VB.NET] Fix S2583 FP: Loop with manually incremented counter
- 8449 - [C#, VB.NET] Fix S2589 FP: Change this condition so that it does not always evaluate to 'True'
- 8495 - [C#, VB.NET] Fix S2583/S2589 FP: Return inside lock and using causes FP after the block
- 8428 - [C#, VB.NET] Fix S2583/S2589 FP: For loop with Array.Length
- 8483 - [C#, VB.NET] Fix S4158 FP: Should not report on HashSet.UnionWith for readonly fields.
- 8739 - [C#] Fix S4049 FP: Do not raise on methods with generic parameters
- 8638 - [C#] Fix S2386 & S3887 FP: should not be raised for FrozenDictionary and FrozenSet
- 8611 - [C#] Fix S2372 FP: Add support for method invocations (@rcatley)
- 8567 - [C#] Fix S2325 FP: Primary Constructor Support
False Negative
Improvements
Contributors
rcatley
Assets 6
9.19
Hello,
small release to enhance the deprecation warning before SonarQube v.10.4, explicitly notifying users analyzing with MSBuild 14 that it's no longer supported while maintaining the deprecation status for MSBuild 15.
Furthermore, we've also introduced three improvements to our rules:
Improvements
- 8609 - AnalysisWarningAnalyzerBase: targeted warnings for MSBuild14/15
- 8559 - [C#, VB.NET] Fix S2178 Rule message: Mention extracting right operand if applicable
- 6139 - [C#, VB.NET] Detect symbol references for @ keyword identifiers
- 3753 - [C#, VB.NET] S1186: also inspect empty
setandinitand empty local functions
9.18
Hi everyone!
This release focuses on fixing false positives and on general improvements that will be included in the upcoming SonarQube 10.4.
False Positive
- 7792 - [C#, VB.NET] Fix S1125 FP: Type check with System.Object
- 7904 - [C#] Fix S1144 FP: Record method PrintMembers
- 6326 - [C#] Fix S2437 FP: None of the operands is 0
- 7620 - [C#] Fix S6618 FP: Projects targeting runtime lower than .NET 6.0
- 8560 - [C#] Fix S4027 FP: BinaryFormatter. Serialization constructors are obsolete and should not be required