7439 - Allocations: Avoid capturing and delegate allocations in SonarAnalysisContextBase
9.6
This release introduces 3 new security-related rules for VB.NET and improves the precision of their existing C# versions by migrating them to the new symbolic execution engine.
This version also includes a new code fix and fixes for false negative issues.
Kudos to @Corniel for his contribution: implementing a code fix for S125 (SonarSource/sonar-dotnet#313)
New Rules
- 7560 - [VB.NET] New rule S2053: Hashes should include an unpredictable salt
- 7562 - [VB.NET] New rule S3329: Cipher Block Chaining IVs should be unpredictable
- 7565 - [VB.NET] New rule S5773: Types allowed to be deserialized should be restricted
Improvements
- 7424 - [VB.NET] Merge rule S2373 onto S119 (S2373 is now deprecated)
- 313 - [C#] Rule S125: Add a code fix to remove the commented code
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps SonarAnalyzer.CSharp from 9.3.0.71466 to 9.7.0.75501.
Release notes
Sourced from SonarAnalyzer.CSharp's releases.
... (truncated)
Commits
- d9025b5 Update RSPEC before 9.7 release (#7724)
- 28c59a4 Reproducer for #7722 Concatenation for parameters, fields and properties are ...
- b9bab9b Fix S1125 CodeFix: C# pattern matching in conditional operator (#7719)
- 8f6674f Fix S1125 FN: recognize "is" and "is not" keyword with constant pattern (#7687)
- 85c2441 Fix S3925 FP: Classes should need to opt-in for serialization (#7673)
- 3144489 Fix S1643 FN: consider simple assignments with variable not on the innermost ...
- d42e451 Deprecation: Replace ValidateTag with TagValue (BeTrue part) (#7705)
- 23ddd7e Fix S1643 FP: should not apply when strings are not aggregated (#7711)
- c58a860 Fix S4023 FP: Interfaces that provide type parameters from base interface (#7...
- 4b25ebc Fix copy paste in S1186 docs (#7587)