All notable changes to this project will be documented in this file (CHANGELOG.md
).
Contributors to this file, please follow the guidelines on keepachangelog.com.
For reference, the possible headings are:
- New Feature for new features.
- Improvement for changes in existing functionality.
- Bug for any bug fixes.
- External Contributors to list contributors outside of SonarSource SA.
- Notes
- [All commits](https://github.com/SonarSource/sonar-csharp/compare/7.2.0.5463 ...HEAD)
- #1386 - Drop S3649: to be replaced by SonarQube functionality
- #1387 - Update S4457: make message clearer
- #1380 - Fix S4457 - false positive with local functions
- #1404 - Update S4457: FP when func/action is async/await
- #1389 - AD0001 - NullReferenceException - Object reference not set to an instance of an object
- #1057 - Rule S4211: Members should not have conflicting transparency annotations
- #1072 - Rule S3400: Methods should not return constants
- #1079 - Rule S3923: All branches in a conditional structure should not have exactly the same implementation
- #1151 - Rule S881: Increment (++) and decrement (--) operators should not be used in a method call or mixed with other operators in an expression
- #1159 - Rule S4462: Calls to 'async' methods should not be blocking
- #1164 - Rule S4457: Parameter validation in "async"/"await" methods should be wrapped
- #1165 - Rule S4456: Parameter validation in yielding methods should be wrapped
- #1166 - Rule S4428: "PartCreationPolicyAttribute" should be used with "ExportAttribute"
- #1167 - Rule S4426: Cryptographic keys should not be too short
- #1171 - Rule S1192: String literals should not be duplicated
- #1267 - Rule S4524: Switch 'default' case should be first or last
- #1287 - Rule S2255: Cookies should not be used to store sensitive information
- #1290 - Rule S3330: "HttpOnly" should be set on cookies
- #1292 - Rule S2092: Cookies should be "secure"
- #1294 - Rule S2245: Pseudorandom number generators (PRNGs) should not be used in secure contexts
- #1303 - Rule S4432: AES encryption algorithm should be used with secured mode
- #1310 - Rule S4433: LDAP connections should be authenticated
- #1313 - Rule S4564: ASP.NET HTTP request validation feature should not be disabled
- #1329 - Rule S4581: "new Guid()" should not be used
- #1344 - Rule S4586: Non-async "Task/Task" method should not return null
- #1087 - Rules should use analysis scope from RSPEC and not be hardcoded
- #1222 - Deprecate rule S4142
- #1236 - Update S4040: Rule should also cover char calls
- #1256 - Update S1313: Rule should not be run against test sources
- #1258 - Update S2228: Rule should not be run on test sources
- #1260 - Update S1104: Rule should not be run on test sources
- #1262 - Fix S3433: Rule should not report on non-public test methods for xUnit
- #1263 - Adjust the behavior of S131 to not raise an issue when "default" is not at the correct position
- #1282 - Update S4061: Rule should be part of SonarWay
- #1288 - Update S1751: Rule should be a BUG
- #1291 - Update S2486: Rule should be a VULNERABILITY
- #1357 - Fix SonarC# category under SonarQube/SonarCloud general settings
- #1368 - Remove deprecated TEST_SUCCESS_DENSITY
- #825 - Fix S1905: Rule should not report on Cast over multi-dimensional arrays
- #1037 - Fix S1168: "Return empty collection" should not raise when the method return type is XmlNode
- #1083 - Fix S4056: False positives when calling Convert.ToInt32(double x)
- #1123 - Fix S3264: Rule should not raise when 'BeginInvoke' or 'EndInvoke' are called
- #1149 - Fix S2971: Do not trigger on ToList().AsEnumerable()
- #1189 - Fix S4015: Incorrectly Identifies Descendent Overload as Member Hiding
- #1210 - Fix S2933: issue should not be raised for types marked with [Serializable]
- #1219 - Fix S3264: FP when using add/remove syntax
- #1223 - Fix S2228: Should not raise any issue when in a console application
- #1224 - Fix S1694 - message should suggest protected constructor
- #1244 - Fix S109: Rule should not raise FP when using enums
- #1283 - Fix S4061: Rule should not report when method is interop
- #1284 - Fix S4061: Rule should not raise issue when overriding/implenting interface
- #1296 - Fix S4159: Rule should handle generic interfaces correctly
- #1274 - Parameterized rules should be disabled by default
- Fix default activation of rules
- #780 - Rule S4261: Methods should be named according to their synchronicity
- #996 - Rule S109: Magic numbers should not be used
- #1131 - Rule S1048: Destructors should not throw exceptions
- #1170 - Rule S1151: "switch case" clauses should not have too many lines of code
- #1172 - Rule S1264: A "while" loop should be used instead of a "for" loop
- #1184 - Rule S1821: "switch" statements should not be nested
- #1212 - [New SonarLint] Enable all rules by default
- #1155 - Move analyzers to Roslyn 1.3.2 and drop compatibility with VS 2015 < Update 3
- #1161 - Fix S3168: Rule should not be too strict on first parameter name
- #1162 - Fix S2302: Do not raise issue when C# < 6.0
- #1175 - Fix S1118 (Utility classes should not have public constructors) ignores its exceptions
- #1196 - Fix S2187: Rule should not raise False Positives for class inheriting class with tests
- Breaking change: #1155 - Move analyzers to Roslyn 1.3.2 and drop compatibility with VS 2015 < Update 3
- Breaking change: #1212 - [New SonarLint] Enable all rules by default
- #1174 - SonarC# should compare paths using the OS case-sensitivity
- #1013 - Rule S138: Functions should not have too many lines of code
- #1056 - Rule S4277: "Shared" parts should not be created with "new"
- #1058 - Rule S4210: Windows Forms entry points should be marked with STAThread
- #1059 - Rule S4200: Native methods should be wrapped
- #1060 - Rule S4159: Classes should implement their "ExportAttribute" interfaces
- #1063 - Rule S3343: Caller information parameters should come at the end of the parameter list
- #1064 - Rule S3464: Type inheritance should not be recursive
- #1065 - Rule S3353: Unchanged local variables should be "const"
- #1066 - Rule S3060: "is" should not be used with "this"
- #1067 - Rule S3366: "this" should not be exposed from constructors
- #1070 - Rule S4212: Serialization constructors should be secured
- #1071 - Rule S1147: Exit methods should not be called
- #1073 - Rule S3358: Ternary operators should not be nested
- #1075 - Rule S2302: 'nameof' should be used
- #998 - Reduce size of jar
- #1000 - Update S3440: "Variables should not be checked before assignment" should not raise on properties
- #1104 - Update S104: Multiline tokens should count as multiple lines
- #1106 - Update plugin properties to declare them as multi-values property
- #1112 - Update S3776: "Cognitive Complexity" should provide values for remediation function and cost
- #326 - Fix S2930: Should report on all classes implementing IDisposable
- #1124 - Fix S1607: Should be applied for test classes as well
- #242 - Fix S3459: False Positive with interop methods
- #710 - Fix S1144: False positive for partial methods/classes
- #760 - Fix S3881: "Implement IDisposable correctly" has inconsistent behaviour in partial classes
- #767 - Fix S4158: "Empty collections" raises false positive when analyzed method has too many branches
- #777 - Fix S2183: Add 2 exceptions to the rule to reduce the noise
- #789 - Fix S3254: False positive when used in Expression
- #1038 - False positive in S3966: calls to arg.Dispose() are not handled correctly
- #1076 - Fix S3925: Should not raise on explicit implementation of ISerializable
- #1126 - Fix S1607: Should not raise issues for [Ignore] attribute with a parameter
- #1138 - Fix S1643: check if expression is concatenation
- #1129 - Thanks @kvpt!
- #992 - Fix S3532: default clauses with comments should not be reported
- #1002 - Fix S4158: "Empty Collections Should Not Be Enumerated" should not throw InvalidOperationException
- #1003 - Fix S3237: Rule should not throw NullReferenceException when using expression body accessor
- #1006 - Fix S101: Rule should not throw IndexOutOfRangeException
- #1009 - Fix S2933: Code Fix should handle regions
- #888 - Fix S1144: False positive on async Main
- #1010 - Fix S2187: rule should not warn on MSTest when using DataTestMethodAttribute
- #1015 - Fix S107: "Methods with too many parameters" should not raise on constructors calling base
- #1024 - Fix S1172: Rule should also ignore the new Main syntax
- #1004 - Support syntax highlighting for multi-targetting projects that use conditional compilation
- #1014 - Support symbol highlighting for multi-targetting projects that use conditional compilation
- #934 - Don't fail to parse issues on file names with '['
- #318 - Fix S101: Rule should not report an issue on auto-generated members
- #704 - Fix S3168: Rule should not raise FP with UWP event args
- #707 - Fix S4056 and S4058: False positive for string comparisons with StringComparison parameter
- #733 - Update S2325: Rule should exempt MVC / Web Api controller public methods
- #804 - Update S2583: Should not raise issues for boolean constants and literals in conditions
- #929 - Fix S2187: Rule should not raise an issue when class is abstract
- #396 - Update S104: "Too many lines in a file" should only count lines of code
- #656 - Update sensors to support projects with linked (shared) files
- #722 - Update S3415: Support other test frameworks
- #752 - Rule S1110: Redundant parenthesis - move the implementation from S3235
- #786 - Update S2187: Rule should handle "TheoryAttribute"
- #836 - Update S2068: Make the rule parameterised
- #910 - Update S2436: Rule should provide another parameter for methods
- #917 - Remove support for deprecated 'sonar.cs.msbuild.testProjectPattern'
- #921 - Change the log level of the autogenerated file messages to DEBUG
- #973 - Update SonarC#: Unit Tests total and skipped numbers are not consistent
- #979 - Update S2187: Rule should handle TestCaseSourceAttribute
- #981 - Update S1607: Rule should handle 'TestCaseSourceAttribute'
- #983 - Update S2699: Rule should handle more test method attributes
- #989 - SonarC# should display a warning when coverage report doesn't cover any file imported in SonarQube
- #991 - Enable analysis on non-Windows OSes
- #955 - Rule S113: Files should contain an empty newline at the end
- #535 - CSharp sensor should fail if OS is not windows.
- #803 - Fix S3242: Rule should not throw ArgumentException
- #819 - Fix S2325: 'Member should be static' throws NullReferenceException
- #834 - Fix S3242: Rule throws ArgumentException when 2+ params of method have the same name
- #640 - Fix S3242: Rule should not report when more general type doesn't have indexer
- #680 - Fix S3242: Rule should not suggest IEnumerable when there are multiple iterations over the collection
- #705 - Fix S3242: Should not suggest base class for arguments when method has an event handler signature
- #782 - Fix S3242: Do not suggest ICollection<KVP<TKey, TValue>>
- #795 - Fix S4004: Rule should not raise a violation when [DataMember] is applied
- #809 - Fix S4070: False positive with combined values
- #813 - Fix S3242: Do not suggest IReadOnlyCollection interface instead of IReadOnlyList if collection items are accessed by index
- #828 - Fix S2758: false positive on conditional operator with interpolated string
- #863 - Fix S3242: Rule should not suggest base type resulting in inconsistent accessibility
- #237 - Do not import files detected as autogenerated in SonarQube
- #364 - Improve test sensors to execute them only when the related property is defined
- #428 - Do not skip source files that contains "ExcludeFromCodeCoverage*" attributes
- #839 - Update S1226: "Parameter values should not be ignored" should be a bug
- #840 - Update S1751: "Unconditional jump statements" should be a code smell
- #841 - Update S2234: "Parameters should be passed in correct order" should be a code smell
- #842 - Update S2681: "Multiline blocks should be in curly braces" should be a code smell
- #843 - Update S3010: "Static fields should not be updated in constructors" should be a code smell
- #844 - Update S4158: "Empty collections should not be iterated" should be a bug
- #851 - Fix Cognitive Complexity Metric to detect recursion correctly
- #858 - Update release notes link in vsix manifest and nuget spec
- #862 - Improve test assembly detection logic
- #905 - Improve generated code recognition
- #155 - Feed metric 'executable_lines_data' when SQ >= 6.2
- #814 Thanks @Chelaris182
- #792 - Fix S3928: Rule throws NullReferenceException
- #708 - Fix S4056: Rule should not recommend to use obsolete methods
- #761 - Fix S1168: Rule should not report when returning null within a lambda
- #740 - Rule S4225: Extension methods should not extend "object"
- #741 - Rule S4226: Extensions should be in separate namespaces
- #742 - Rule S4220: Events should have proper arguments
- #746 - Rule S4214: "P/Invoke" methods should not be visible
- #779 - Rule S4260: "ConstructorArgument" parameters should exist
- #791 - Fix SonarC#: Parameterized rules are not read properly
- #631 - Fix S2325: Should raise issues for methods and properties with SuppressMessage attribute
- #671 - Update of plugin to v6.3(build 2862) doesn't report any issues in code.
- #690 - Fix S3881: Rule should not fail with 'Syntax node is not within syntax tree'
- #721 - Fix link to GitHub page on sonarlint-website
- #725 - Fix S1121: NullReferenceException when while loop with assignment expression is within a for loop with no condition
- #726 - Fix S2372: do not throw ArgumentNullException on nlog
- #727 - Fix CognitiveComplexity to not throw an exception on Lucene.Net
- #728 - Fix S3877: do not throw ArgumentNullException on ravendb
- #538 - Fix S2259: "Null pointer dereference" false positive when fields qualified with 'this' are assigned and then read
- #596 - Fix S3242: Rule should not trigger on interface methods
- #655 - Update S3881: Correct documentation and add more unit tests
- #674 - Rules S3897 and S4035 might be in contradiction
- #682 - Fix S1751: Rule shouldn't raise on exceptions within while loops
- #692 - Fix S3263: Rule should not raise when constant field is used in initialization
- #694 - Fix S2372: Allow some exceptions being raised in properties as per CA1065
- #701 - Fix S3897: Rule should not suggest to implement IEquatable when Equals is not public
- #601 - Update S110: Update the rule behavior to not count classes defined into another root namespace
- #623 - Update S2068: Credentials should not be hard-coded
- #684 - Update SonarLint website to mention GitHub repository as a place to file issues
- #335 - Update plugin to support NUnit 3 test results
- #581 - Rule S2183: Ints and longs should not be shifted by zero or more than their number of bits-1
- #582 - Rule S1168: Empty arrays and collections should be returned instead of null
- #610 - Rule S4144: Methods should not have identical implementations
- #611 - Rule S4142: Duplicate values should not be passed as arguments
- #626 - Rule S3433: Test methods should have correct signature
- #636 - Rule S4158: Empty collections should not be accessed or iterated
- #662 - Rule S1607: Tests should not be ignored
- #663 - Rule S3415: Assertion arguments should be passed in the correct order
- #664 - Rule S2701: Literal boolean values should not be used in assertions
- #665 - Rule S2699: Tests should include assertions
- #666 - Rule S3431: 'ExpectedExceptionAttribute' should not be used
- #667 - Rule S2187: Test class should contain test methods
- #416 - Fix S3881: Rule should not fail on partial classes
- #526 - Fix S101: "Class Name" infinite loop when class name contains non-Latin Characters
- #576 - Fix S100: infinite loop when class name contains non-Latin Characters
- #587 - Fix S3966: Rule should not throw cast exception
- #589 - Fix S3925: Call to 'base.GetObjectData' is not properly detected
- #174 - Update S101: A special case should be made for two-letter acronyms in which both letters are capitalized
- #547 - Fix S3346: Rule raises FP on peach
- #571 - Fix S2275: Rule should not trigger on space before alignment
- #590 - Fix S1751: Rule should not raise on "retry on exception" pattern
- #320 - Update S100: Support custom dictionaries for adding names that will not raise issues
- #565 - POC for analyzer running on Linux
- #566 - Automate website release process
- #591 - Update S3966: Rule should detect multiple call of Dispose on this
- #600 - Update S2275: Rule should detect too big values for ArgumentIndex and Alignment
- #607 - Update S3962: Ignore public static readonly fields
- #608 - Update S112: Report if exceptions are actually thrown, not just created
- #254 - Rule S3985: Unused private classes should be removed
- #541 - Rule S2114: Collections should not be passed as arguments to their own methods
- #570 - Symbolic Execution Engine supports multiple constraints per Symbolic Value
- #583 - Rule S1696: 'NullReferenceException' should not be caught
- #584 - Rule S3693: Exception constructors should not throw exceptions
- #585 - Rule S3717: Track use of "NotImplementedException"
- #504 - Fix S2386: Rule should not report when readonly field is initialized with null
- #530 - Fix S3881: "Implement IDisposable correctly" should allow calling GC.SuppressFinalize(this) even when there is no destructor
- #550 - Fix S3908: Rule should not report issues on classes that implement interfaces
- #516 - Update S927: C#: parameter names should match base declaration and other partial definitions
- #519 - Rule S110: "filteredClasses" documentation should describe which delimiter to use or provide specific examples
- #164 - Rule S3900: Arguments of public methods should be validated against null
- #209 - Rule S3966: Objects should not be disposed more than once
- #497 - Rule S4070: Non-flags enums should not be marked with "FlagsAttribute"
- #498 - Rule S4049: Properties should be preferred
- #499 - Rule S4050: Operators should be overloaded consistently
- #500 - Rule S4052: Types should not extend outdated base types
- #501 - Rule S4060: Non-abstract attributes should be sealed
- #502 - Rule S4061: "params" should be use instead of "varargs"
- #503 - Rule S4047: Generics should be used when appropriate
- #506 - Rule S3956: "Generic.List" instances should not be part of public APIs
- #507 - Rule S1075: URIs should not be hardcoded
- #508 - Rule S4069: Operator overloads should have named alternatives
- #509 - Rule S4058: Overloads with a "StringComparison" parameter should be used
- #510 - Rule S4059: Property names should not match get methods
- #511 - Rule S4057: Locales should be set for data types
- #512 - Rule S4055: Literals should not be passed as localized parameters
- #513 - Rule S4056: Overloads with a "CultureInfo" or an "IFormatProvider" parameter should be used
- #514 - Rule S3242: Method parameters should be declared with base types
- #515 - Rule S1200: Classes should not be coupled to too many other classes (Single Responsibility Principle)
- #517 - Rule S3649: User-provided values should be sanitized before use in SQL statements
- #298 - Potential problem in CFG with continue statement in and do-while loop
- #406 - SonarC# fails when parsing xUnit test results with empty tags
- #462 - Fix S3897: Classes that provide "Equals()" should implement "IEquatable"
- #489 - Provide better error message when using old version of Scanner for MSBuild
- #152 - Fix S2583: Rule should consider Nullable values
- #376 - Fix S3897: Correctly recognize IEquatable implementations from base classes
- #424 - Update S3427: "Method overloads" should not raise when methods differ by generic type arguments
- #430 - Update S3237: Add exception for empty properties from interfaces
- #431 - Fix S1944: don't raise issue on "as"
- #472 - Fix S2386: Do not raise if the readonly field is initialized with a known immutable collection
- #473 - Fix S4015: Rule should not raise on 'new' or 'override' members
- #493 - Fix S2259: "Null pointer dereference" raises FP when a variable is initialized in catch(Exception) block
- #154 - Support many coverage reports
- #235 - Update S1764: Comparing the same object with Object.Equals() method
- #322 - Fail fast ITs if not on Windows
- #380 - [Technical] Improve build scripts to allow building SonarC# on a dev box
- #388 - Update S1479: "Switch with too many cases" should ignore empty, fall-through cases
- #420 - S3897 is an unsafe suggestion in my opinion
- #422 - default() should have a null or not null constraint on it
- #455 - Add blocks for try-finally statements into CFG, ignoring catch clauses (happy path)
- #467 - Add blocks in CFG for catch clauses and connect try-finally
- #468 - Support nested try-catch blocks
- #486 - Fix spelling errors
- #215 - Rule S3972: Conditionals should start on new lines
- #433 - Rule S2221: "Exception" should not be caught when not required by called methods
- #434 - Rule S4039: Interface methods should be callable by derived types
- #436 - Rule S4041: Type names should not match namespaces
- #437 - Rule S3927: Serialization event handlers should be implemented correctly
- #461 - Rule S4035: Classes implementing "IEquatable" should be sealed
- #386 - Fix S1939: Extends and implements list entries should not be redundant
- #423 - Fix Symbolic Execution: Invalid nameof() should be properly handled
- #317 - Update S2234: Add support for constructors
- #153 - Fix S1871: "Branches with same implementation" should ignore single line blocks
- #297 - Fix S1940: "Inverted boolean checks" should not suggest inversion for Nullable
- #343 - Fix S2681: Fix FP on try-catch block
- #345 - Fix S1751: "Unconditional jump statements" should not raise if a conditional continue is detected
- #347 - Fix S2589: "Gratuitous expressions" should not raise if expression is the condition of a loop and break is detected
- #366 - Fix S3963: Should not raise issue when the static constructor does not assign any fields
- #220 - Process coverage reports only once for a solution
- #346 - Update S2328: "GetHashCode should not reference mutable fields" should report once per method
- #348 - Update S3904: "Assemblies should have version" should be code smell
- #370 - Update S2387, Rule S4025: "Child class fields shadowing parent fields" should ignore "static" fields, field names that differ by case are handled by S4025
- #374 - Drop MSBuild 12 support
- #394 - Decrease plugin size
- #438 - Update S1210: "Override Equals when implementing IComparable" should be code smell
- #439 - Update S2743: "Static fields in generic types" should be code smell
- #440 - Update S3220: "Method calls should not resolve ambiguously" should be code smell
- #441 - Update S3881: "IDisposable should be implemented correctly" should be code smell
- #442 - Update S3885: "Assembly.Load should be used" should be code smell
- #443 - Update S3904: "Assemblies should have version information" should be code smell
- #444 - Update S3925: "ISerializable should be implemented correctly" should be code smell
- #333 - Rule S2068: Credentials should not be hard-coded
- #350 - Rule S4015: Inherited member visibility should not be decreased
- #351 - Rule S4016: Enumeration members should not be named "Reserved"
- #352 - Rule S4017: Method signatures should not contain nested generic types
- #353 - Rule S4018: Generic methods should provide type parameters
- #354 - Rule S4019: Base class methods should not be hidden
- #356 - Rule S4022: Enums storage should be Int32
- #357 - Rule S4023: Interfaces should not be empty
- #359 - Rule S3906: Declare event handlers correctly
- #360 - Rule S3908: Generic event handlers should be used
- #361 - Rule S3909: Collections should implement the generic interface
- #365 - Rule S1123: "Obsolete" attributes should include explanations
- #383 - Rule S4026: Assemblies should be marked with NeutralResourcesLanguageAttribute
- #384 - Rule S4027: Exceptions should provide standard constructor
- #302 - Fix S2275: InvalidCastExteption when analyzing single argument method
- #362 - Fix Sensors: Unit/Integration test results are skipped when module doesn't contain cs file
- #167 - Fix S1121: Assignments should not be made from within sub-expressions' should ignore chained assignments
- #277 - Update S3881: should require a call to base.Dispose(bool)
- #296 - Update S3449: replace XML-encoded characters in description
- #309 - Update S3776: Disable by default because it is a parametrized rule
- #325 - Update RSPEC metadata before releasing 5.11
- #328 - Deprecate S1145
- #330 - Update S2589 and S2583: raise issues for "true" and "false" literals
- #336 - Use the Category property from RSPEC to determine the rule type
- #338 - Update S112: "Do not throw general exceptions" should be Code Smell
- #339 - Update S1854: Dead Stores should be code smell
- #340 - Update S2372: "Do not throw exceptions from property getters" should be Code Smell
- #173 - Rule S3346: Expressions used in "Debug.Assert" should not produce side effects
- #250 - Rule S3981: Collection sizes and array lengths should not be tested against ">= 0"
- #251 - Rule S3984: Exception should not be created without being thrown
- #265 - Rule S3990: Assemblies should be marked as CLS compliant
- #266 - Rule S3992: Assemblies should explicitly specify COM visibility
- #267 - Rule S3993: Custom attributes should be marked with "System.AttributeUsageAttribute"
- #268 - Rule S3994: URI Parameters should not be strings
- #269 - Rule S3995: URI return values should not be strings
- #270 - Rule S3996: URI properties should not be strings
- #271 - Rule S3997: String URI overloads should call "System.Uri" overloads
- #274 - Rule S3998: Threads should not lock on objects with weak identity
- #275 - Rule S4000: Pointers to unmanaged memory should not be visible
- #279 - Rule S4002: Disposable types should declare finalizer
- #280 - Rule S4004: Collection properties should be readonly
- #281 - Rule S4005: "System.Uri" argument should be passed instead of string