Releases: SonarSource/sonar-dotnet
Releases · SonarSource/sonar-dotnet
8.46
Hi everyone,
We've worked on improving S2259 rule after it's migration to our new Symbolic Execution engine. We can now fix issues that were previously too difficult or impossible to fix.
Improvements
- 6128 - [C#, VB.NET] S2259: Support NotNullWhenAttribute
- 6092 - [C#] Improve S2259: Take nullable flow state from Roslyn into account
- 6083 - [C#] Improve S2259: Add support for [NotNull]
- 6081 - [C#] Improve S2259: ThrowHelper and Debug.Fail
- 6152 - Update RSPEC before 8.46 release
False Positive
- 6117 - [C#] Fix S2259 FP: Suppress warnings for lifted operator results in null value in value type comparison
- 4989 - [C#] Fix S2259 FP: Combining a null-coalescing operator with the “continue” keyword
- 4784 - [C#] Fix S2259 FP: Return value of ToList() is not null
- 4537 - [C#] Fix S2259 FP: Null conditional combined with null coalescing
- 3416 - [C#] Fix S2259 FP: object.Equals method recognizes null arguments
- 890 - [C#] Fix S2259 FP: Symbolic execution does not enter the
forloop - 349 - [C#] Fix S2259 FP: "Null pointer dereference" should not raise if the variable was tested with Debug.Assert before
- 6135 - [VB.NET] Fix S2259 FPs: Support Microsoft.VisualBasic.Information.IsNothing
False Negative
8.45
Hi everyone,
With this release, we worked on S2259 to support VB and newer C# language features.
Special thanks to @Corniel for his contribution: #194.
New Rules
Improvements
- 5863 - [C#] S2259: Change default SE engine to Roslyn-based
- 5973 - [C#] Improve S2259: Support C# 9 and C# 10 syntax
- 6082 - [C#] Improve S2259: Respect ! (null-forgiving) operator
- 2949 - [C#] Improve S2259: Fill basic constraints for SE of Switch Expressions
- 5971 - [C#] Improve S3353: Improve message
- 6045 - Update RSPEC before 8.45 release
False Positive
- 6067 - [C#] Fix S2259 FP/FN: in the new engine
- 5285 - [C#] Fix S2259 FP: Unrelated ref parameter call breaks constraints
- 6014 - [C#] Fix S3236 FP: Passthrough parameters should be compliant
- 5995 - [C#] Fix S6421 FP: for Azure Functions with already wrapped body in try/catch block.
- 6048 - [C#, VB.NET] Fix S2222 FP: Consider symbols released only if they were previously held
False Negative
Contributors
Corniel
Assets 6
8.44
Hello everyone,
In this release we improve support for constant interpolated strings, file scoped namespace declaration, extended property patterns and attributes on lambda functions. You can find more details below.
Improvements
- 5980 - [C#] Fix CodeFix S3217: Using directives are now moved to the closest namespace when this is file scoped.
False Positives
- 5946 - [C#] FIix FP S1128: Issue raised in global usings although they are used in file projects.
- 5925 - [C#] Fix FP S2360: Extend CallerInfoAttributes with CallerArgumentExpressionAttribute
- 5094 - [C#] Fix FP S3928: When using record parameters
False Negatives
- 6012 - [C#] Fix FN S1128: No issue is raised when the unnecessary using is inside a file scoped namespace
- 5984 - [C#] Fix FN S3927: No issue is raised when an attribute is placed on a lambda
- 5983 - [C#] Fix FN S3981: No issue is raised when property check is done through a pattern.
- 5981 - [C#] Fix FN S2857: No issue is raised when in file scoped namespace
- 5979 - [C#] Fix FN S3261: No issue is raised when in file scoped namespace
- 5947 - [C#] Fix FN S2857: No issue is raised if the SQL string is assembled with constant interpolated strings
- 5945 - [C#] Fix FN S5443: No issue is raised if the publicly writable directory path is assembled with the help of a constant interpolated string
- 5944 - [C#] Fix FN S1313: A hardcoded IP address is not recognized if it is assembled as part of a constant interpolated string
- 5943 - [C#] Fix FN S5332: No issue is raised if an insecure protocol is used as part of a constant interpolated string
- 5942 - [C#] Fix FN S2857: No issue is raised if the malformed SQL query is formatted with the help of constant interpolated strings
- 5998 - [VB.NET] Fix FN S5443: No issue is raised if the publicly writable directory path is assembled with the help of an interpolated string
- 5996 - [VB.NET] Fix FN S1313: No issue is raised if the IP address is assembled as an interpolated string
8.43
Hi everyone,
With this release, we introduced 2 new VB.Net rules and improved the stability and the accuracy of some of our rules. You can find more details below.
Special thanks to @Corniel for his contributions: #5823 and #5930.
New Rules
- 5930 - [VB.NET] Rule S4060: Avoid unsealed attributes
- 5823 - [VB.NET] Rule S4225: Extension method should not extend on object
Improvements
- 5929 - [C#, VB.NET] Add support PCI DSS and ASVS Security Standards
- 5910 - [C#] Fix issue duplication on top-level statements when using Roslyn 4.0.0
- 5896 - [C#, VB.NET] Fix S3776 configuration: Cognitive complexity threshold for property is not registered properly
Bug Fixes
- 5906 - [C#] S3874: Fix AD0001
- 5661 - [C#] [AD0001] S2234 throws ArgumentException when analyzing a constructor call for a type not part of the current compilation
- 5916 - [C#] [AD0001] S2222: IndexOutOfRange for lambda in try/finally
- 5809 - [C#] Fix AD0001 in DatabasePasswordsShouldBeSecure
False Positive
- 5856 - [C#] Fix S1186: FP: Conditional compilation in method should not be considered empty
- 5816 - [C#] Fix S3874 FP: Should not be raised on Deconstruct methods
- 5789 - [C#] S3240 Quick action is incorrect
- 5660 - [C#] Fix S3903: False Positive when using top level statments and partial Program
- 5641 - [C#] Fix S4159: Rule should handle generic interfaces when using System.ComponentModel.Composition
- 5587 - [C#, VB.NET] False-positive for S1871:Two branches in a switch-case when one branches use different overloads of methods
- 5432 - [C#] Fix S3168 FP: Method used as TimerCallback not recognized
- 4962 - [C#] Fix S3240 FP: When using same method on different variables
- 4724 - [C#]
#pragma warning disablecompiler directives are not working for hotspot rules
Contributors
Corniel
Assets 6
8.42
Hello everyone,
In this release, we added support for tuple deconstruction and addressed a couple of FNs/FPs.
Special thanks to @nesc58 for their contribution to #5827.
Improvements
- 5808 - S148: Add support for tuple deconstruction
- 5802 - S2184: Add support for tuple deconstruction
- 5797 - S2123: Add support for tuple deconstruction
- 5793 - S3010, S2696: Add support for tuple deconstruction
- 5785 - S1854: Add support for tuple deconstruction
- 5767 - S1117: Add support for tuple deconstruction
- 5764 - S4057: Add support for tuple deconstruction
- [ 5841 5833 ] - S4433, S2755, S3330, S2092: Add support for tuple deconstruction
- 5794 - S2674: Performance improvements
- 5590 - Remove use of deprecated RulesDefinitionXmlLoader
- 5210 - Remove SQ 7.3 workaround for issue types
- 5852 - Replace 404 doc link to coverage documentation
False Negatives - False Positives
Contributors
nesc58
Assets 6
8.41
Hello!
This release brings new rules for Azure Functions code quality and a major milestone in our new Symbolic Execution engine: support for try/catch/finally blocks. We've also fixed a nasty stochastic bug.
Special thanks to @Corniel for his contributions (#5702, #5703 and #5536).
You can find the details below:
New Rules
- 5710 - S2222: Support try/catch/finally in Symbolic Execution
- 5600 - [C#] Rule S6424: Azure Functions - Entity interfaces restrictions
- 5599 - [C#] Rule S6423: Always log failures in Azure Functions
- 5598 - [C#] Rule S6422: Calls to "async" methods should not be blocking in Azure Functions
- 5597 - [C#] Rule S6421: Azure Functions should use Structured Error Handling
- 5596 - [C#] Rule S6420: Azure Functions should use static clients
- 5595 - [C#] Rule S6419: Azure Functions should be stateless
Improvements
- 5786 - S1226: Add support for deconstruction
- 5784 - S1656: Add support for deconstruction
- 5765 - S127: Add support for assignment and declaration in same deconstruction
- 5760 - S1944: Add support for deconstruction
- 5756 - S4055: Add support for deconstruction
- 5752 - S2934: Add support for deconstruction
- 5727 - Update RSPEC before 8.41 release
- 5696 - [C#] S6354: Inconsistent analyzer title
Bug Fixes
- 5692 - Usage of
ISymbol.ToDisplayStringleads to uncaught exceptions stochastically
False Positive
- 5773 - [C#] Fix S3358 FP: Nested ternary operator is in a lambda
- 5703 - [C#] Fix S4581 FP: Support target-typed new expression
- 5686 - [C#] S1185: Derived records need to override ToString to prevent default code generation by the compiler
- 5657 - [C#] Fix S2221 FP: Do not raise in Azure Functions
- 5625 - [C#] S138, S1541, S3776 - exclude static local functions from computing method complexity
- 5507 - [C#] S2187: Rule should not raise False Positives if MSTEST test method is in a base class higher up in the inheritance hierarchy
False Negative
- 5680 - [C#] S138, S1541, S3776 - compute complexity for static local functions as a separate piece of code.
Performance
Contributors
Corniel
Assets 6
8.40
Hi everyone,
In the last sprint, we took the time to reduce the noise by addressing some false positives and improving the handling of static local functions.
Special thanks to @Corniel for his contributions to improving our S4581 rule.
You can find the details below:
New Rules
- 5616 - [C#] Rule S4581: Add C# code fix
- 5615 - [VB.NET] Rule S4581: Guid.Empty is preferred for VB.NET
Improvements
- 5674 - Update rule documentation
- 5669 - S138: Exclude local static functions from the sum of lines when they are placed in other methods.
- 5668 - [C#] S3776: Exclude static local functions from complexity computation
- 5666 - [C#, VB.NET] S4159: Add support for System.Composition.ExportAttribute
False Positive
Contributors
Corniel
Assets 6
8.39
Hi everyone,
In the last sprint, we added support for record structs for the remaining rules.
Improvements
- 5609 - S1192: Add support for record structs
- 5592 - S1450: Add support for record struct
- 5606 - S1939: Add support for record struct
- 5632 - S2257: Add support for record structs
- 5580 - S2326, S3925: Add support for record struct
- 5605 - S2333: Add support for record struct
- 5611 - S2436: Add support for record structs
- 5607 - S2743: Add support for record struct
- 5612 - S3059: Add support for record structs
- 5577 - S3218: Add support for record structs
- 5622 - S3241: Add support for record structs
- 5608 - S3263 Add support for record struct
- 5620 - S3898: Add support for record struct
- 5633 - S3996: Add support for record structs
- 5613 - S4041: Add support for record structs
- 5593 - S4049: Add support for record struct
- 5604 - S4059: Add support for record struct
- 5578 - S4136: Add support for record struct
- 5634 - S5766: Add support for record struct
- 5614 - Update RSPEC before 8.39 release
False Positive
8.38
Hi everyone,
In the last sprint, we improved the performance of some of our rules, added support for record structs (an effort that will continue for the next version), and fixed some false positives (S1172 included) and false negatives.
Special thanks to @dammejed for his contributions to improving our S2187 rule.
Improvements
- 5575 - [C#] S2952: Add support for record structs
- 5574 - [C#] S3903: Add support for record structs
- 5571 - [C#] S100/S101/S3909: Add support for record structs
- 5568 - [C#] S3168, S1200: Add support for record struct
- 5561 - [C#] Rules S3887, S2386: Add support for records and record structs
- 5513 - Update RSPEC before 8.38 release
False Positive
- 5491 - [C#, VB.NET] Fix S1172 FP: Raises randomly under VS context
- 5522 - [C#, VB.NET] Fix S2222 FP: SpinLock.TryEnter followed by nested finally regions
- 4949 - [C#] Fix S1854 FPs: Improve catch block links
- 5564 - [C#] Fix S2187 FP: Support test attributes deriving from
ITestBuilderin NUnit - 5498 - [C#] Rule S3400: FP when using default interface implementation
- 5443 - [C#] S3242 should not suggest change resulting into S4017
- 5428 - [C#] S2252 FP: Rule raises issue in case of non integer value in for loop.
- 5381 - [C#] S1144 FP: using a private record constructor with positional syntax
- 5238 - [C#] Fix S2743 FP: Don't report on static fields which use the type parameter
- 4832 - [C#] Fix S3963 FP: Should not raise for conditional logic
False Negative
Performance
- 4745 - [C#] Rule S110: should support concurrent execution
- 4351 - [C#] Fix S1144 / S4487 perf regression: UnusedPrivateMember
- 4350 - [C#] Fix S1450 performance regression: PrivateFieldUsedAsLocalVariable
- 4349 - [C#] Fix S3971 performance regression: DoNotCallGCSuppressFinalize
- 4220 - [C#, VB.NET] Reduce the number of symbols retrieved by SymbolReferenceAnalyzer
- 3854 - [C#, VB.NET] S3869, S3889, S3902, S3885, S1147, S1215, S3971, S4040 Improve formance: DoNotCallMethodsBase
Contributors
dammejed
Assets 6
8.37
Hello everyone,
in this release, we've improved the S2222 rule and added it to the SonarWay profile.
We've also enabled concurrency by default. You can opt out by setting SONAR_DOTNET_ENABLE_CONCURRENT_EXECUTION environment variable to false in case you face some issues.
New Features
- 5310 - [C#] Add S2222 to SonarWay profile
- 5074 - [C#, VB.NET] Enable concurrent execution by default
- 5463 - Provide OWASP Top 10 2021 security standards for rules metadata
Improvements
- 5415 - Improve S2222: add tracking for returning values when lock is aquired
- 5419 - Improve S2222: add support for ref parameter lock status tracking
- 5416 - Improve S2222: add support for
IsReadLockHeldandIsWriteLockHeld - 5519 - Improve S2222: add support for
Monitor.IsEntered - 5395 - [C#, VB.NET] Learn constraints on branching in SE
- 5308 - [C#, VB.NET] Support conditional branching in SE
- 5478 - [C#, VB.NET] Support BinaryOperation for Boolean expressions in SE
- 5469 - [VB.NET] Support implicit VB.NET declaration value in SE
- 5459 - Use LVA in the new SE
- 5480 - Support tracking of flow capturing operations in SE
- 5460 - Enable SE SymbolicCheck to return multiple states
- 5502 - Update RSPEC before 8.37 release
checks
False Positive
- 5503 - [C#] Fix S3241 FP: When method is async
- 5457 - [C#] Fix S4226 FP: Should not raise for generated class
- 5451 - [C#] Fix S3459 FP: Flags unassigned fields in serializable classes