All new rules previously mentioned are now available in SonarQube!
New TypeScript Security Hotspot rules:
- S2255: Writing cookies is security-sensitive.
- S5122: Enabling Cross-Origin Resource Sharing is security-sensitive.
- S4787: Encrypting data is security-sensitive.
- S4790: Hashing data is security-sensitive.
- S4721: Executing OS commands is security-sensitive.
- S4823: Using command line arguments is security-sensitive.
- S2245: Using pseudorandom number generators (PRNGs) is security-sensitive.
- S4784: Using regular expressions is security-sensitive.
- S4818: Using Sockets is security-sensitive.
- S2077: Formatting SQL queries is security-sensitive.
- S4829: Reading the Standard Input is security-sensitive.
- S4817: Executing XPath expressions is security-sensitive.
- S4326: “await” should not be used redundantly (Code Smell)
- S109: Magic numbers should not be used (Code Smell)
- S4140: Sparse arrays should not be declared (Code Smell)
- S3696: Non-exception types should not be thrown (Code Smell)
- S4275: Getters and setters should access the expected fields (Bug)
- S4624: Template literals should not be nested (Code Smell)
- S117: Variable, property and parameter names should comply with a naming convention (Code Smell)
- S1821: “switch” statements should not be nested (Code Smell)
- S2068: Hard-coded credentials are security-sensitive (Security Hotspot)
Again, note that TypeScript 3.2.1 or higher is required for TypeScript analysis. This version of TypeScript is required only during the analysis. You can still use a different version to run your software.
You also need to upgrade the TypeScript analyzer to v2.1 in order to avoid conflicts.