Releases: SonarSource/sonar-dotnet
9.15
Hello everyone,
This release focuses on performance improvements.
We made several changes to how we register our rules for analysis.
Based on our measurements, we improved build time by 5% to 15%, depending on project size and complexity! 🔥 🚀
Fixes
- 8424 - Razor: SymbolReference locations for @typeparam are misplaced
Improvements
False Positive
Performance
- 8183 - [C#, VB.NET] Improve S5443 performance: Reuse compiled Regex
- 8185 - [C#, VB.NET] Improve S2068 performance: Reuse compiled Regex
- 8399 - [C#, VB.NET] Reduce time spend in HasMatchingScope for SyntaxNode registration
- 8406 - [C#, VB.NET] Cache RegisterNodeAction checks result per SyntaxTree
- 7858 - [C#, VB.NET] FileMetadataAnalyzer and UtilityAnalyzerBase should use IsGenerated from SyntaxTreeExtensions
- 6558 - [C#, VB.NET] Performance: UtilityAnalyzerBase calls GetSemanticModel for each SyntaxTree
- 7368 - [C#, VB.NET] UtilityAnalyzer: Use RegisterCompilationStartAction
- 7411 - [C#, VB.NET] UtilityAnalyzer: Reduce lock contention in ShouldGenerateMetrics
9.14
Hello everyone!
We are happy to announce that we now have 5 dedicated Blazor rules 🚀 🥳
Special thanks to our contributor (and former colleague) @sagi1623 for fixing #8302.
Improvements
- 8274 - [C#] New rule S6797: Query parameter should be of supported type
- 8278 - [C#] New rule S6798: [JSInvokable] attribute should only be used on public methods
- 8275 - [C#] New rule S6800: Component parameter type should match the route parameter type constraint
- 8277 - [C#] New rule S6802: Using lambda expressions in loops should be avoided in Blazor markup section
- 8338 - [C#] New rule S6803: Parameters with SupplyParameterFromQuery attribute should be used only in routable components
- 8228 - [C#] Deprecate S4212
- 8346 - Create CFG from member node
- 8271 - Adding missing operation wrappers and syntax kinds to the shim layer
- 8230 - Update Signing Certificate
- 8290 - Update RSPEC before 9.14 release
Bug Fixes
- 8310 - [C#, VB.NET] Fix S2068 AD0001: Overflow exception when a configuration file value is a number greater than Int32.MaxValue
False Positive
- 8285 - [C#, VB.NET] Fix S2583 FP: Number constraint from remainder calculation is not correct.
- 8358 - [C#] Fix S2743 FP: Arrow properties do not have static fields
- 7624 - [C#] Fix S3604 FP: Primary constructors
False Negative
- 8335 - [C#] Fix S2259 FN: FlowCaptures in Field/PropertyReference.Instance
- 6050 - [C#] Fix S2930 FN: Track System.Threading.CancellationTokenSource
Performance
9.13
Hello everyone!
We are happy to announce that we now officially support .NET 8 and C# 12 🚀 🥳
Special thanks to our contributor (and former colleague) @sagi1623 for fixing #8152.
Due to some technical problems, we could not sign the NuGet packages and we did not push them to nuget.org.
Improvements
- 8234 - [C#, VB.NET] Revert optional plugin support
- 3682 - [C#, VB.NET] Update S4830: add a message on secondary locations
- 3694 - [C#] Update S5773: add a message on secondary locations
- 8159 - Update RSPEC before 9.13 release
Bug Fixes
False Positive
- 8080 - [C#, VB.NET] Fix S2583 FP: Issue is raised when there is comparison to a constant.
- 8045 - [C#, VB.NET] Fix S2583/S2589 FP: Rule S4158 sets number constraint on Length property, unrelated to Collections.
- 8041 - [C#, VB.NET] Fix S4158 FP: The analyzer incorrectly concludes the HashSet is guaranteed to be empty
- 7964 - [C#, VB.NET] Fix S6602 FP: "Find" method should not be used for EF Core queries
- 7329 - [C#, VB.NET] Fix S2368 FP: Do not raise on extension methods when "this" is multidimensional array
- 7582 - [C#] Fix S4158 FP: rule raised where there is no guarantees of emptiness
- 8156 - [C#] Fix S107 FP: Don't raise on Zero-overhead member access methods
- 8087 - [C#] Fix S3253 FP: Conflicts with CS8983 - A 'struct' with field initializers must include an explicitly declared constructor.
- 7991 - [C#] Fix S4070 FP: Raised on flagged enum
- 7935 - [C#] Fix S2092 FP: When the "Secure" field is set in a conditional (may also impact S3330)
- 7867 - [C#] Fix S5693 FP: custom fileUploadSizeLimit parameter ignored when parsing Web.config files
- 7714 - [C#] Fix S3928 FP: Parameter names used into ArgumentException constructors should match an existing one
- 6126 - [C#] Fix S2857 FP: @ parameter with nameof and FN after [tablename]
False Negative
- 8083 - [C#, VB.NET] Fix S2368 FN: constructors
- 8070 - [C#, VB.NET] Fix S2234 FN: this and base constructors
- 8172 - [C#] Fix S1075 FN: Support collections and collection expressions
- 8143 - [C#] Fix S107 FN: support primary constructors
- 8131 - [C#] Fix S1117 FN: support primary constructors
- 8130 - [C#] Fix S4061 FN: support constructors
- 8129 - [C#] Fix S1075 FN: default parameters
- 8122 - [C#] Fix S1118 FN: empty primary constructor
- 8119 - [C#] Fix S3878 FN: collection expressions
- 8103 - [C#] CalculationsShouldNotOverflow.SyntaxKindWalker reduce allocations and evaluations in the hot path
- 8096 - [C#] Fix S3254 FN: primary constructors
- 8092 - [C#] Fix S3253 FN: primary parameterless constructors
- 8071 - [C#] Fix S2234 FN: primary constructors for records, classes and structs
Performance
- 8106 - [C#, VB.NET] LightupHelpers CanWrapNode, CanWrapObject and CanWrapOperation are performance sensitive
Breaking changes
- 8229 - Temporarily disable code signing
9.12
Hi everyone,
In this release we added some optimizations, improved a rule's message and deleted a deprecated rule.
Improvements
- 8058 - [C#] Delete S2228
- 8069 - [C#] Improve S3267: Make the message more explicit
- 8060 - [C#] Optimization: TokenType for pointer types, follow-up of #7369
- 8038 - [C#, VB.NET] Optimization: Enable on-demand plugin download
- 8104 - [C#] Use ConvertedType instead of Type for ImplicitObjectCreation
- 8090 - Update RSPEC before 9.12 release
9.11
Hi everyone,
In this release, we added support for incremental PR analysis for .razor files and deleted 4 deprecated rules.
Improvements
9.10
Hello everyone,
We are happy to announce that this version enables the analysis of Razor files (.cshtml and .razor) 🚀.
The feature will be enabled by default and can be configured in the Languages settings, in the next versions of SonarQube / SonarCloud.
Currently, Razor files are not supported in Visual Studio (when using NuGet packages or SonarLint) due to some limitations in the IDE. See dotnet/razor#9108 and this VS issue.
Improvements
- 7942 - [C#, VB.NET] Delete S4818 (Deprecated)
- 7939 - [C#, VB.NET] Delete S4787 (Deprecated)
- 7985 - [C#, VB.NET] Fix S6563: Typo in issue message
- 7954 - Update RSPEC before 9.10 release
False Positive
9.9
Hello everyone!
This release is focused on improving the symbolic execution engine to increase the issue accuracy.
We also deleted rule S2255 as its deprecation period came to an end.
Deleted Rules:
False Positives
- 7859 - [C#, VB.NET] Fix S2589/S4158: Do not consider a collection not to be empty if a remove method was called.
- 6158 - [C#, VB.NET] Fix S2259 FP: Recognize NotNull results of String methods
False Negatives
- 7910 - [C#] Fix S112 FN: When using null-coalesce operator.
- 7861 - [C#, VB.NET] Fix S4158 FN: If a collection is cleared, mark the collection as empty.
- 7780 - [C#, VB.NET] Fix S2589 FN: Track numerical constant patterns.
- 7704 - [C#, VB.NET] Fix FN S2583/S2589 when Equals is invoked with bool or number parameters.
Other improvements
9.8
This release completes our effort to migrate all our symbolic execution rules from our old to our new engine: S2583 and S2589 are now migrated and see significant improvements. Also, they are now available for VB.NET. This being the last analyzer to migrate means that the engines don't run in parallel anymore, which significantly reduces analysis time.
On top of that, our TokenTypeAnalyzer got a rework, which also improves performance in terms of analysis time and memory usage.
This new release supports a new taxonomy for issues and hotspots that better reflects the characteristics of Clean Code.
New Rules
- 7648 - [VB.NET] S2589: Boolean expressions should not be gratuitous
- 7647 - [VB.NET] S2583: Conditionally executed code should be reachable
Improvements
- 7646 - [C#] Migrate S2583/S2589 to the new Symbolic Execution engine (C#)
- 7369 - [C#] UtilityAnalyzer: Move to a syntax based classification of identifiers in the token type utility analyzer
- 7697, 7803 - Update RSPEC before 9.8 release
False Positives
- 7789 - [C#] Fix S2583/S2589 FP: Do not raise when condition is in the body of a lock statement.
- 2496 - [C#] Fix S2583,S2589 FP: with nullable struct - update symbolic execution engine
- 5601 - [C#] Fix S2583 FP: Variable change not detected inside a loop
- 5002 - [C#] Fix S2583 FP: Property pattern match in else-if condition
- 4755 - [C#] Fix S2583 FP: When using nullable boolean in if-elseif-else.
- 4559 - [C#] Fix S2583 FP: User-defined explicit/implicit casts
- 3288 - [C#] Fix S2583 FP: Invocation argument constraints should be independent
- 2411 - [C#] Fix S2583 FP: confusing message for Guid comparison - should trigger S2589 instead
- 739 - [C#] Fix S2583 FP: Condition evaluates to constant - false positive when casting floating point numbers
- 7489 - [C#] Fix S2589 FP: Deconstructing a tuple in foreach loop
- 7096 - [C#] Fix S2589 FP: || and property patterns
- 5221 - [C#] Fix S2589 FP with nullable value types
- 3910 - [C#] Fix S2589 FP and FN: Conditional access and pattern matching
- 3565 - [C#] Fix S2589 FP: with StringSegment and literal null
- 3353 - [C#] Fix S2589 FP: ref parameters in multithreading
False Negative
9.7
This release focused on improving the precision of existing rules. We fixed a lot of False Positives, False Negatives, and bugs in Code Fixes.
We also reduced our memory footprint by reducing allocations in the hot path. Thank you @sharwell, for reporting this in #7439 and #7440.
Special thanks to our contributor @nalka0 for the correction of our rule documentation in #7587
Improvements
- 7462 - [C#] Fix S1125: Codefix should set correct condition priority by adding parentheses.
- 2618 - [C#] Fix S1125: Faulty code fix on C# pattern matching in conditional operator
- 7213 - [C#] Improve S109 message
False Positive
- 7633 - [C#] Fix S4023 FP: Interfaces that provide type parameters from base interface
- 7629 - [C#] Fix S1186 FP: Empty method comes from interface
- 7508 - [C#, VB.NET] Fix S6605 FP: Should not fire in expressions
- 7324 - [C#] Fix S3063 FP: StringBuilder used in concatenation
- 6912 - [C#] Fix S1144 FP: Unused fields in class with StructLayout
- 5521 - [C#] Fix S1643 FP: should not apply when strings are not aggregated
- 3945 - [C#] Fix S3925 FP: Classes not having extra properties should not have to extend ISerializable interface
False Negative
- 7688 - [C#] Fix S1125 FN: recognize C#9 "is not" constant pattern
- 2619 - [C#] Fix S1125 FN: recognize "is" keyword with constant pattern
- 7713 - [C#] Fix S1643 FN: consider simple assignments with variable not on the innermost add expression
Performance
- 7664 - Allocations: Make IsUnchanged allocation free in the common case
- 7663 - Allocations: Move stringliteral tokens array to static field
- 7656 - Allocations: Remove delegate allocation from IsExcluded
- 7655 - Allocations: Remove delegate allocation from IsGenerated
- 7440 - Allocations: Unroll AdditionalFile extension method
- 7439 - Allocations: Avoid capturing and delegate allocations in SonarAnalysisContextBase
9.6
This release introduces 3 new security-related rules for VB.NET and improves the precision of their existing C# versions by migrating them to the new symbolic execution engine.
This version also includes a new code fix and fixes for false negative issues.
Kudos to @Corniel for his contribution by implementing a codefix for S125 (#313)
New Rules
- 7560 - [VB.NET] New rule S2053: Hashes should include an unpredictable salt
- 7562 - [VB.NET] New rule S3329: Cipher Block Chaining IVs should be unpredictable
- 7565 - [VB.NET] New Rule S5773: Types allowed to be deserialized should be restricted
Improvements
- 7424 - [VB.NET] Merge rule S2373 onto S119 (S2373 is now deprecated)
- 313 - [C#] Rule S125: Add a code fix to remove the commented code