Hi all!
Happy May! I hope that lots of you enjoyed a day off yesterday (May 1st is a public holiday in lots of the world, but not in Switzerland or the US).
Like every week, we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarQube Cloud:
- Shoutout to @TScamell, @Mikkel, and @PeterBa for quickly alerting us to an issue with the latest version of our C# analysis that was deployed to SonarQube Cloud. When importing Roslyn issues alongside the SonarQube results (which is the default behavior), analysis failed. We were able to (more or less) quickly revert.
SonarQube Server & SonarQube Community Build:
- We need to improve our new docs around the Server Base URL. Thanks @Shivashree!
- The `open=<rule_id>` parameter on `/coding_rules` isn’t working as expected, as discovered by @Rajee, unless the rule in question is on the first page of results. Thanks for the report! SONAR-24928
SonarQube for IDE:
- There are situations where a user might try to open an issue in their IDE (from SonarQube) that doesn’t exist (or hasn’t been detected) locally. The error reporting here is poor, and we’ll fix it with SLE-1179. Thanks @lrozenblyum!
- SonarQube for IntelliJ can sometimes end up searching for null files when handling excluded files. This throws an error. We’ll fix it with SLI-2007! Thanks for the report @Ahmed-Shehzad.
Rule & Language Improvements:
- Thanks @TonyJ for bringing a false-positive with `csharpsquid:S2587` to our attention. SonarQube should not be raising an issue in constant string interpolation when a string is in square brackets!
- Our Advanced Bug Detection is crashing under very specific conditions, but only on SonarQube Cloud! We’ve already fixed the issue in the code, and it will be deployed soon. Thanks for the report @mmoayyed.
- `csharpsquid:5034` should not raise an issue on `AsTask()` when `ValueTask` was returned by consecutive method calls. Thanks @abj!
- `java:S1244` should raise when `<=` or `>=` is used with floating point operations. Great suggestion @schwarfl! SONARJAVA-5506
- @Soshyant thinks we should implement a rule to make sure exceptions are handled when using `runCatching`. We think it’s a great idea and now it’s in our backlog!
- @Jan078 raised a relevant point about `typescript:S6481` after changes were made in React 18 which render issues raised by the rule false-positives. We need to do something, but we aren’t sure what yet. In any case it will be handled by JS-704! Thanks!
- `kotlin::s2245` needs to be updated to consider changes to Commons Lang’s `RandomStringUtils`, specifically that its use is considered safe when used with the method `secure()` since v3.17 of the library. Thanks @akopric!
- @Corniel suggested a rule to use `auto` properties and the `field` keyword for referring to the automatically generated backing field of a property. Thanks for the idea, it’s now in our backlog!
- `typescript:S2608` is case-sensitive when detecting variables / environment variables that might include secrets. It also isn’t detecting the keyword “passphrase”. We’ll fix both of these cases with JS-707. Thanks for the report @FSC!
- `javascript:S2301` should not flag functions that, for example, transform a boolean input into a ‘Yes’/‘No’ string. Thanks @absolutesantaja! We’ll handle this with JS-709.
Scanners:
- We ought to do some alignment around the behavior on truststore passwords between our products. Thanks for digging into this for us @meanmfmachine, @LTCell, and @boblinn.
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own shout-outs below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.