New TypeScript rules (Security Hotspots unless marked as Code Smell):
- S2255: Writing cookies is security-sensitive.
- S5122: Enabling Cross-Origin Resource Sharing is security-sensitive.
- S4787: Encrypting data is security-sensitive.
- S4790: Hashing data is security-sensitive.
- S4721: Executing OS commands is security-sensitive.
- S4823: Using command line arguments is security-sensitive.
- S2245: Using pseudorandom number generators (PRNGs) is security-sensitive.
- S4784: Using regular expressions is security-sensitive.
- S4818: Using Sockets is security-sensitive.
- S2077: Formatting SQL queries is security-sensitive.
- S4829: Reading the Standard Input is security-sensitive.
- S4817: Executing XPath expressions is security-sensitive.
- S4326: “await” should not be used redundantly (Code Smell)
- S109: Magic numbers should not be used (Code Smell)
- S4140: Sparse arrays should not be declared (Code Smell)
- S3696: Non-exception types should not be thrown (Code Smell)
You might also notice an error saying “Unsupported TypeScript version” during the next analysis. We had to change the minimum TypeScript version to 3.2.1. This does not mean that you have to change the TypeScript version of your project; you just need to install TypeScript >= 3.2.1 for code analysis.
These changes are only available in SonarCloud for now, but SonarQube users will soon benefit from them too.
All feedback is welcome.