All new TypeScript and JavaScript rules as well as 5 additional JavaScript Code Smells now available in SonarQube

Hello JavaScript and TypeScript developers,

All new rules previously mentioned are now available in SonarQube!
In addition, we’ve added 5 more JavaScript rules which were available for TypeScript.

As a recap, TypeScript benefits from all 12 Security Hotspot rules which already existed for JavaScript, and JavaScript now has 9 new rules which were available for TypeScript.

TypeScript new Security Hotspot rules:

  • S2255: Writing cookies is security-sensitive.
  • S5122: Enabling Cross-Origin Resource Sharing is security-sensitive.
  • S4787: Encrypting data is security-sensitive.
  • S4790: Hashing data is security-sensitive.
  • S4721: Executing OS commands is security-sensitive.
  • S4823: Using command line arguments is security-sensitive.
  • S2245: Using pseudorandom number generators (PRNGs) is security-sensitive.
  • S4784: Using regular expressions is security-sensitive.
  • S4818: Using Sockets is security-sensitive.
  • S2077: Formatting SQL queries is security-sensitive.
  • S4829: Reading the Standard Input is security-sensitive.
  • S4817: Executing XPath expressions is security-sensitive.

JavaScript new rules:

  • S4326: “await” should not be used redundantly (Code Smell)
  • S109: Magic numbers should not be used (Code Smell)
  • S4140: Sparse arrays should not be declared (Code Smell)
  • S3696: Non-exception types should not be thrown (Code Smell)
    +
  • S4275: Getters and setters should access the expected fields (Bug)
  • S4624: Template literals should not be nested (Code Smell)
  • S117: Variable, property and parameter names should comply with a naming convention (Code Smell)
  • S1821: “switch” statements should not be nested (Code Smell)
  • S2068: Hard-coded credentials are security-sensitive (Security Hotspot)

Again, note that TypeScript 3.2.1 or higher is required for TypeScript analysis. This version of TypeScript is required only during the analysis. You can still use a different version to run your software.

You also need to upgrade the TypeScript analyzer to v2.1 in order to avoid conflicts.

You can already enjoy these new features on SonarCloud. As for SonarQube, these new features will be included in the next version (8.1). To get these features in SonarQube now, simply install the new versions of the JavaScript and TypeScript analyzers!

Cheers,
Christophe
