8.55

This version contains the prerequisite to support sonar.exclusions, sonar.inclusions, sonar.global.exclusions, sonar.test.exclusions, sonar.test.inclusions and sonar.global.test.exclusions parameters when the analysis is run inside SonarLint for Visual Studio. Stay tuned, the second and final part of the feature will be implemented soon by the SonarLint team.

In the meantime, if you are wondering what these parameters are, you can find more information about them in our documentation.

• 6877 - Support exclusion and inclusion parameters when run by SonarLint

New Rules

• 6885 - [C#, VB.NET] ExcludeFromCodeCoverage attributes should include a justification
  Special thanks to @Corniel for implementing this new rule!

Improvements

• 6798 - Update RSPEC before 8.55 release

False Positive

• 6630 - [C#] Fix S3415 FP/FN: Support named arguments
• 6525 - [C#] Fix S2699 FP: AssertionMethodAttribute is ignored when assertion method is inherited
• 6438 - [C#] Fix S1905 FP: Nullability context and array of anonymous types

8.54

In this release we added six code structure and best practice rules.

Thank you @teo-tsirpanis, for contributing #6580

New Rules

• 6706 - [C#] New Rule S3398: "private" methods called only by inner classes should be moved to those classes
• 6704 - [C#] New Rule S2094: Classes should not be empty
• 6703 - [C#, VB.NET] New Rule S4545: "DebuggerDisplayAttribute" strings should reference existing members
• 6701 - [C#] New Rule S2445: Blocks should be synchronized on read-only fields
• 6662 - [C#] New rule S2970: Assertions should be complete
• 6854 - [C#] New rule S6507: Blocks should not be synchronized on local variables

Improvements

• 6763 - Update RSPEC before 8.54 release
• 6761 - Improve Rule S2223: cleanup and performance
• 6678 - Report deprecation analysis warning for MsBuild 14/15

Performance

• 6785 - Performance: Token Type Utility Analyzer: Avoid allocations

Bug Fixes

• 6766 - [C#] Old SE: Handle unsupported syntax gracefully

False Positive

• 6229 - [C#] Fix S2952 FN/FP: FNs on conditional invocation and FPs on additional disposal

False Negative

• 6580 - [C#] FN S2857: Add support for Microsoft SqlClient Data Provider for SQL Server

8.53

New Rules

• 6658 - [C#] New rule S2198: Silly mathematical comparisons should not be made
• 6705 - [C#, VB.NET] New rule S2166: Classes named like "Exception" should extend "Exception" or a subclass
• 6663 - [C#, VB.NET] New rule S4663: Comments should not be empty
• 6659 - [C#, VB.NET] New rule S3063: "StringBuilder" data should be used
• 6657 - [C#, VB.NET] New rule S3878: Arrays should not be created for params parameters
• 6656 - [C#, VB.NET] New rule S1133: Deprecated code should be removed

Improvements

• 6676 - Update RSPEC before 8.53 release
• 6634 - Enable Incremental Analysis ITs
• 6521 - [C#] Improve S1244: Add message to use "IsX" instead of "== double.X"
• 6331 - [C#] Improve S3927: Interfaces should be excluded
• 6321 - [C#] Improve S1144: Highlight only the identifier name

False Positive

• 6653 - [C#] Fix S4487 FP: ??= operator reads value
• 6616 - [C#] Fix S2219 FP: "Use the is operator" reports "unfixable" code
• 5430 - [C#] Fix S3220 FP: Rule does not take into account access modifier of the members

8.52

@Corniel: Thank you for implementing S3898 for VB.NET!

New Rules

• 6667 - [VB.NET] Implement S3898 -ValueTypes should implement IEquatable - for VB.NET

Improvements

• 6638 - Rename S3866 to DoNotUseIIf
• 6636 - [C#] Update S4018: Improve rule message
• 6605 - Bump sonar-plugin-api from 9.13.0.360 to 9.14.0.375
• 6602 - Add clean code as a tag on our nuget packages
• 6573 - Fix ProjectOutFolderPath processing
• 6571 - Update RSPEC before 8.52 release
• 6532 - Refactor SonarAnalysisContext
• 6511 - Remove useless package references
• 6488 - [C#] Merge rule S4214 onto S4200
• 6132 - [C#] Remove S4457 from SonarWay

Bug Fixes

• 6612 - [C#] Fix S3353: Add support for different function types
• 6598 - Incremental PR analysis fails for SQ < 9.4

False Positive

• 6449 - [C#] Fix S4457 FP: When argument check is after async code
• 5879 - [C#] Fix S2930 FP: Recognize IAsyncDisposable

False Negative

• 6646 - Fix S2190 FN: Recursion inside init accessor of property

8.51

Hello everyone,

We are happy to announce that in this release we implemented Incremental PR analysis for C# and Vb.Net, a feature that can significantly reduce the analysis time when analyzing PRs.

Additionally, we fixed false positives and negatives introduced by the new C# 11 syntax and introduced a new rule #5693

Special thanks to our contributors @Corniel for #5693 and @Smenus for #6497.

New features

Incremental PR analysis (#6514, #6512, #6487, #6486, #6485, #6484, #6483)

New rules

• 5693 - [C#, VB.NET] New rule S6444: RegEx evaluation should have a time out specified

Improvements

• 6477 - Update RSPEC before 8.51 release and deprecate S4214

False Positive

• 6497 - [C#] Fix S2699 FP: Support derivations of ExpectedExceptionBaseAttribute for MsTest
• 6476 - [C#, VB.NET] Fix FNs/FPs: Add support for LibraryImportAttribute
• 6429 - [C#] Fix S1067 FP: Conditionals in pattern should not be considered as a unit for the whole pattern

False Negative

• 6517 - [C#] Fix S2674 FN: Add support for ConfigureAwait
• 6481 - [C#] Fix S2674 FN: Add support for Stream.ReadAtLeast
• 6441 - Fix S2302 FN: Issue is not raised when the name of one of the method parameters is a raw string literal
• 6423 - [C#] Fix S1244 FN: Half, NFloat, and IFloatingPointIeee754 are not supported
• 6399 - Fix S2201 FN: Support native ints
• 6394 - Fix S2068 FN: Support utf-8 string literals
• 6393 - Fix S1168 FN: Support mathematical operators in generic types
• 6387 - Fix S3267 FN: Support list pattern
• 6386 - Fix S3444 FN: Support static methods in interfaces
• 6164 - Fix S4426 FN: On .Net 7 when using ECDsaOpenSsl

8.50

Hi everyone,

This release brings you the second fragment of C# 11 support in our Sonarway rules. It fixes false negatives that were caused by the new C# 11 syntax. Look out for new releases as soon we will start adding C# 11 support to our non-sonarway rules.

Special thanks to @Corniel for implementing a new VB.NET rule, and also for adding a new codefix provider.

New Rules

• 6459 - [VB.NET] Implement S1123 - Obsolete attributes need explanation - for VB.NET
• 6043 - [C#] Add code fix for S3353: Unchanged local variables should be const

Improvements

• 6404 - Update RSPEC before 8.50 release
• 5274 - Target JDK 11 in Java plugins

False Negative

• 6434 - Fix S3433 FN: Support derived attributes
• 6397 - Fix S1607 FN: Support derived attributes
• 6392 - Fix S3456 FN: Support utf-8 literals
• 6388 - [C#] Fix S3218 FN: Support interfaces
• 6385 - Fix S2190 FN: Support mathematical operators in generic types
• 6383 - Fix S5122 FN: Support raw string literals interpolation
• 6378 - Fix S1117 FN: Support list patterns
• 6377 - Fix S1481 FN: Support list patterns
• 6376 - Fix S1313 FN: Support utf-8 literals

8.49

Hi everyone,

This release brings you the first fragment of C# 11 support in our Sonarway rules. It fixes a nice number of false positives and false negatives that were caused by the new C# 11 syntax. Look out for new releases as we will continue working on our C# 11 syntax support.

Special thanks to @Corniel for his contribution: #6279.

New Rules

• 6279 - [VB.NET] Implement S3871: Exceptions should be public - for VB.NET

Improvements

• 6338 - Add repository link to NuGet packages
• 6315 - Update RSPEC before 8.49 release

Bug Fixes

• 6341 - [C#] AD0001 for S4426: CryptographicKeyShouldNotBeTooShort

False Positive

• 6313 - Fix S2933 FP: Support unsigned right-shift operator (>>>)
• 6312 - Fix S3875 FP: Do not raise an issue when implementing IEqualityOperators interface
• 6311 - Fix S3927 FP: Support static abstract/virtual interface methods
• 6307 - Fix S2225 FP: Support static virtual/abstract interface methods
• 6302 - Fix S1854 FP: Support newlines in string interpolation
• 6301 - Fix S1854 FP: Support interpolated raw string literals

False Negative

• 6309 - Fix S6419 FN: Support unsigned right-shift operator (>>>)
• 6308 - Fix S1121 FN: Support unsigned right-shift operator (>>>)
• 6304 - Fix S2696 FN: Support unsigned right-shift operator (>>>)
• 6303 - Fix S3010 FN: Support unsigned right-shift operator (>>>)
• 6299 - Fix S4790 FN: Support multi-line string interpolation
• 6298 - Fix S4790 FN: Support raw string literals
• 6297 - Fix S5332 FN: Support utf-8 string literals
• 6296 - Fix S2934 FN: Support unsigned right shift operator (>>>)
• 6295 - Fix S3060 FN: Support list patterns
• 6294 - Fix S2183 FN: Support unsigned right-shift operator (>>>)
• 6293 - Fix S2115 FN: Support multi-line string interpolation inside a raw string literal
• 6292 - Fix S2479 FP: Ignore raw string literals
• 6291 - Fix S2479 FN: Support utf-8 strings
• 6290 - Fix S2479 FN: Support raw string literals with interpolation
• 6289 - S2688 FN: Do not raise for IsExpression since it works as expected
• 6288 - Fix S1118 FN: Support static abstract/virtual interface implementation classes
• 6287 - Fix S3247 FN: Support list patterns
• 5744 - Fix S4456/S4457 FN: Recognize ArgumentNullException.ThrowIfNull()

8.48

Hi everyone,

This release fixes a false positive on the null pointers should not be dereferenced rule for VB.NET.

False Positives

• 6271 - [VB.NET] Fix S2259 FP: Support VB.NET static local variables

Improvements

• 6269 - Mention altcover in public link
• 6225 - Update RSPEC before 8.48 release

8.47

In this release, we further improved S2259 (Null pointers should not be dereferenced) and fixed security-related false positives.

Special thanks to @Corniel for his contribution: #6112.

New Rules

• 6112 - [VB.NET] Implement S2225 - ToString should not return null - for VB.NET

Improvements

• 6213 - Fix S2068 FP: Do not report on empty values in config files
• 6182 - Rule S2068: detect hard-coded passwords in web.config files
• 6199 - S2068: Support colon in uri password
• 3905 - [C#, VB.NET] Rule S2077: support for additional database libraries
• 6204 - Support new C#11 string types in CopyPasteTokenAnalyzer and TokenTypeAnalyzer
• 6181 - [C#] Improve S3963: Highlight only the identifier instead of the full constructor body
• 5824 - [C#] Improve S2259: Support DoesNotReturnIf for custom assertions
• 6175 - Update RSPEC before 8.47 release

False Positive

• 6176 - [C#, VB.NET] Fix S2259 FP: SingleOrDefault() and FirstOrDefault() used within EF LINQ queries
• 6157 - [C#, VB.NET] Fix S2259 FP: Support TypeOf operation
• 6100 - [C#, VB.NET] Fix S2259 FP: Reset constraints on calls in static methods
• 6103 - [C#] Fix S2259 FP: Reset fields on this invocation with flow captures
• 6170 - [C#] Fix S2259 FP: Should not report in switch expression after a null check
• 6141 - [C#] Fix S5332 FP: Ignore for WPF xml definitions
• 6080 - [C#, VB.NET] Fix S1313: Exclude local IPv4-mapped IPv6 address
• 6064 - [C#, VB.NET] Rule S1313: Exclude reserved documentation IP ranges

8.46

Hi everyone,

We've worked on improving S2259 rule after it's migration to our new Symbolic Execution engine. We can now fix issues that were previously too difficult or impossible to fix.

Improvements

• 6128 - [C#, VB.NET] S2259: Support NotNullWhenAttribute
• 6092 - [C#] Improve S2259: Take nullable flow state from Roslyn into account
• 6083 - [C#] Improve S2259: Add support for [NotNull]
• 6081 - [C#] Improve S2259: ThrowHelper and Debug.Fail
• 6152 - Update RSPEC before 8.46 release

False Positive

• 6117 - [C#] Fix S2259 FP: Suppress warnings for lifted operator results in null value in value type comparison
• 4989 - [C#] Fix S2259 FP: Combining a null-coalescing operator with the “continue” keyword
• 4784 - [C#] Fix S2259 FP: Return value of ToList() is not null
• 4537 - [C#] Fix S2259 FP: Null conditional combined with null coalescing
• 3416 - [C#] Fix S2259 FP: object.Equals method recognizes null arguments
• 890 - [C#] Fix S2259 FP: Symbolic execution does not enter the for loop
• 349 - [C#] Fix S2259 FP: "Null pointer dereference" should not raise if the variable was tested with Debug.Assert before
• 6135 - [VB.NET] Fix S2259 FPs: Support Microsoft.VisualBasic.Information.IsNothing

False Negative

• 3290 - [C#] Fix S2259 FN: Linq 'XxxOrDefault' extensions should create null and not-null constraints