You may have noticed that we announced brand changes this week. We expect these changes to show up in the products themselves (and here in the Community) sometime soon.
And speaking of the products, we’re grateful every time you give us feedback, so like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarCloud:
- @brunopenso and @raka9940 noticed that new members of their organizations have 5 random characters inserted into their usernames. It’s a recent change, but when we rolled out the code, we forgot to update the docs explaining that these intrusive-seeming characters are actually expected. We’ve got an internal ticket to do that.
SonarQube:
- We’ve been updating & modernizing our UI components. In the process, we introduced a bug on the Issues page in 10.7, as @Alexander_Bissell noticed. Thanks for the report. SONAR-23493
SonarLint:
- @brokvolchansky reported that non-UTF-8 characters in file names crash SonarQube for IntelliJ. His thorough bug report even included an independent reproducer. SLCORE-1009 will fix it in all SonarQube for IDE flavors.
Scanners:
- @jnesta-lh let us know that SonarScanner for Azure DevOps isn’t respecting `sonar.projectBaseDir`. SCAN4NET-152
Rule & Language Improvements:
- Our C analyzer doesn’t understand `fgets` and `strcspn` well enough to understand that when used together in the manner demonstrated by @alef75 there is no out-of-bounds memory access. CPP-5829
- @IPv6isalreadythere suggested we add rules to help with the transition to IPv6. We don’t have tickets for this yet, but we’ve added the concept to the list.
- `java:S3242` checks whether a method parameter is declared using the least specific type possible based on the API used in the method implementation. The assumption is that the same API will have the same semantics. But that’s not always the case. For instance, when the order matters, swapping in a `Collection` for a `SequencedCollection` won’t work. Thanks @throup! SONARJAVA-5156
- @Roman_Kis is getting a taint analysis issue on the PHP embedded in his HTML, even though he’s properly sanitizing the input before use. Even with custom taint analysis configuration, it won’t go away. The analyzer doesn’t currently detect when array elements are sanitized in a loop, and we’ve got an internal ticket to fix that.
- `typescript:S1854` is raising a false positive when you assign a variable in a `try` block for use in the corresponding `catch`. Nice … ‘catch’ @Nebojsa_Simic. JS-384
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.