Skip to content

9.20
Compare
Choose a tag to compare
@SonarTech SonarTech released this 20 Feb 14:57
9.20.0.85982
afd7543
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Hey everyone!

This release brings a vast number of improvements. The main focus lies on improving the capabilities of our Symbolic Execution engine, which results in much more accurate findings. The biggest visible impact is a significant reduction in false positives around loops for the rules S2583 and S2589.

And a big thank you to @rcatley for their external contribution!

Bug Fixes

  • 8642 - [C#] Exception in SonarAnalyzer.Rules.CSharp.SymbolicExecutionRunner

False Positive

  • 8678 - [C#, VB.NET] Fix S2583 FP: Variable Updated in Catch Block
  • 8028 - [C#, VB.NET] Fix S2583 FP: Loop with manually incremented counter
  • 8449 - [C#, VB.NET] Fix S2589 FP: Change this condition so that it does not always evaluate to 'True'
  • 8495 - [C#, VB.NET] Fix S2583/S2589 FP: Return inside lock and using causes FP after the block
  • 8428 - [C#, VB.NET] Fix S2583/S2589 FP: For loop with Array.Length
  • 8483 - [C#, VB.NET] Fix S4158 FP: Should not report on HashSet.UnionWith for readonly fields.
  • 8739 - [C#] Fix S4049 FP: Do not raise on methods with generic parameters
  • 8638 - [C#] Fix S2386 & S3887 FP: should not be raised for FrozenDictionary and FrozenSet
  • 8611 - [C#] Fix S2372 FP: Add support for method invocations (@rcatley)
  • 8567 - [C#] Fix S2325 FP: Primary Constructor Support

False Negative

  • 8486 - [C#] Fix S2589 FN: Tuple binary operations (comparison)

Improvements

  • 8010 - [C#, VB.NET] S2589: Improve message in the case of null propagating operator
  • 7866 - [C#, VB.NET] SE: Allow collection tracking even when S4158 is not active
  • 8499 - [C#] SE: Learn number constraints from relational pattern
  • 8651 - Update RSPEC before 9.20 release

Contributors

rcatley
Assets 6