Hello Sonar Community!
Like every week we want to spend some time saying thanks to everyone who prompted interesting discussions and gave us feedback on Sonar products that will help us continuously improve.
There’s an internal shuffling of our engineering teams at the moment, mostly affecting teams responsible for SonarQube and SonarCloud. That means this week is almost entirely about our language analyzers!
SonarLint:
- Something went wrong publishing the latest version of SonarLint for VSCode to OpenVSX and thanks to @APINYK we were reminded to follow up internally. Now the latest version is available!
Rule & Language Improvements:
-
Thanks @bers for helping us discover a mismatch between the description of
cpp:S127and its implementation. CPP-4987 -
@jsinge found a false-positive occurring with the rule
cpp:S5417inside require clauses. Thanks! We’ll work on that with CPP-4964. -
Thanks @eugeniolt for reporting an edge-case with
secrets:S6703where an issue is being raised erroneously because string interpolation is used. We’ve created an internal hardening ticket to review this. -
java:S6856should not be raised on named regular expressions, as reported by @alec. Thanks! SONARJAVA-4865 -
Kudos to @Sami_Naatanen for raising this thread about
java:S3457raising a false-positive on certain java.util.logging strings with single quotes. SONARJAVA-4857 -
Thanks @krb8686 for reporting a false-positive on
cpp:S3584when__attribute__((__cleanup__(*)))is used. CPP-4983! -
Something is off about
cpp:S1878– either it should raise on anonymous unions or it should be documented that it doesn’t. Thanks for triggering the discussion @KUGA2. -
kotlin:S1874is raising false-positives because our Kotlin analyzer is defaulting to Java 8 semantics
SONARKT-270 will put us in a better spot – thanks @felipebz and @GeorgEchterling. -
Shoutout to @Peter0 and his feedback on
plsql:S3651where the rule doesn’t take into consideration that if aLEFT JOINcondition isn’t satisfied, a non-nullable column can be null. SONARPLSQL-829! -
Again, thanks @Peter0 for your other piece of PL/SQL feedback this week, specifically that
plsql:S2651shoudn’t raise an issue when using a reserved keyword as aPAUSEcommand parameter. SONARPLSQL-828 -
Big week for SQL – thanks @pabseb for letting us know that our T-SQL analyzer can’t parse
DROP SYNONYMcorrectly. SONARTSQL-325 -
As reported by @dandoy,
java:S3626is being raised incorrectly when afinallyblock is used. Thanks for the report! SONARJAVA-4870
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.
Colin, @ganncamp, and @leith.darawsheh