@dependabot dependabot bot commented on behalf of github Aug 18, 2025

Updated SonarAnalyzer.CSharp from 10.7.0.110445 to 10.15.0.120848.

Release notes

Sourced from SonarAnalyzer.CSharp's releases.

10.15

False Positive

  • NET-2198 - Fix S1905 FP: Cast of default! expression is required
  • NET-2197 - Fix S1905 FP: stackalloc and Span conversions
  • NET-1641 - Fix S1905 FP: casting IEnumerable<string?> to IEnumerable<string>
  • NET-2157 - Fix S2589 FP: Don't raise an issue after a delegate is invoked
  • NET-2073 - Fix S2699 FP: Add support for FsCheck property tests
  • NET-1537 - Fix S6964 FP: Don't raise on properties annotated with the BindRequiredAttribute

Improvement

  • NET-2112 - Consider ExplodedNodes relevant if a successor would be relevant
  • NET-2183 - SE: Set constraint on operation when learning from IsPattern

False Negative

  • NET-429 - Fix S4275 FN: Support partial properties

Task

  • NET-2208 - Update RSpec before release

10.14

Hey everyone,

This release mostly focuses on mitigating (NET-2196) a performance regression that was introduced in 10.13.

Improvement

  • NET-2196 - Fix path algorithm for execution flows to mitigate performance regression
  • NET-2177 - Improve how the Symbolic Execution engine handles exception paths
  • NET-2135 - Support xUnit V3
  • NET-2163 - Provide Interface for other plugins to add rules to VB.NET SonarWay profile

False Negative

  • NET-235 - Fix S2053: Adjust required salt length to be 32 bytes

Task

  • NET-2170 - Update RSPEC before 10.14 release

10.13

Hello everyone,

In this release, we've focused on:

  • False positive fixes
  • Enhancing S2259's secondary locations to provide clearer, step-by-step explanations of null pointer dereference issues.

False Positives

  • NET-2099 - Fix S3885 FP: Do not raise in ResolutionEventHandler
  • NET-2023 - Fix S3257 FP: Array with target-typed new
  • NET-1646 - Fix S3267 FP: Loops should be simplified with LINQ expressions
  • NET-1588 - Fix S1066 FP: Combination of dynamic and out should not raise
  • NET-882 - Fix S3257 FP: Don't raise for C# 10 and later when there's explicit delegate creation

Improvements

  • NET-2095 - Improve incremental PR analysis path detection
  • SE: S2259 - Improve secondary locations

10.12

This release brings the VB version of S6418 and a few FP and FN fixes.

New Rule

  • NET-1379 - New Rule: Implement S6418 Hard-coded secrets are security-sensitive for VB.NET

False Positive

  • NET-1526 - Fix S3267 FP: Only raise on IEnumerable

False Negative

  • NET-1260 - Fix S1215 FN: GC.GetTotalMemory(forceFullCollection: true) should not be called
  • NET-1258 - Fix S6678 FN: Lowercase placeholders in interpolated string
  • NET-1255 - Fix S3267 FN: Logical operators are not supported

Task

  • NET-2060 - Update RSPEC before 11.12 release

10.11

Hello everyone!
In this release we fixed a bunch of false positives and false negatives.
Additionally, this version adds support for telemetry in order to gather information on feature usage. Telemetry requires scanner 10.2.0 or greater.

False Positive

  • NET-1522 - Fix S2068 FP: Do not raise on password:secret
  • NET-1149 - Fix S3626 FP: Add exception when return statement is preceding local functions

False Negative

  • NET-1263 - Fix S1871 FN: Nested if .. else if chain
  • NET-1256 - S2068: Remove word boundary(\b) from regex
  • NET-1254 - Fix S3878 FN: When params are passed as array through an attribute
  • NET-1252 - FN S1168: Support IndexerDeclaration and ConversionOperatorDeclaration
  • NET-459 - Fix S1168 FN: Add support for partial indexers

10.10.1

Bugfix release to fix compatibility with SonarQube Cloud + a simplification to the ProfileRegistrar

Task

  • NET-1463 - Update RSPEC before 10.10.1 release
  • NET-1461 - Make CSharpSonarWayProfile be compatible and simplify ProfileRegistrar

10.10

Hey everyone, this release mostly focuses on internal and technical things.

General

  • NET-1444 - Move ProfileRegistrar to org.sonar.plugins.csharpenterprise.api
  • NET-1326 - Update RSPEC before 10.10 release

Internal Styling Rules

  • NET-1378 - New Rule T0045: Use var
  • NET-1359 - New Rule T0043: Avoid primary constructors on normal classes and structs
  • NET-1358 - New Rule T0042: Indent raw string literal +4
  • NET-1357 - New Rule T0041: Use raw string literals for multiline strings
  • NET-1356 - New Rule T0040: Use minimum necessary interpolation characters
  • NET-1355 - New Rule T0039: Protected field should start with lower case letter
  • NET-1354 - New Rule T0038: Use fields instead of auto-implemented private or protected properties
  • NET-1347 - New Rule T0000: Don't use Get prefixes
  • NET-1346 - New Rule T0037: Use .Test suffix namespace
  • NET-1345 - New rule T0046: Move extension method to dedicated class
  • NET-1344 - New Rule T0035: Do not use var for this deconstruction
  • NET-1343 - New Rule T0034: Do not embed var into this condition
  • NET-1342 - New Rule T0033: Swap the logic to use positive conditions instead
  • NET-1341 - New Rule T0032: Move the method body to the next line
  • NET-1339 - New Rule T0030: Move the field initializer on the same line
  • NET-1338 - New Rule T0029: Indent all arguments +4 further than the invocation line
  • NET-1337 - New Rule T0028: Move all arguments on the same line, or wrap all of them
  • NET-1336 - New Rule T0027: Move subsequent expressions on separate lines
  • NET-1335 - New Rule T0026: Indent member access +4 further than the initial line
  • NET-1334 - New Rule T0025: Indent ‘?’ and ‘:’ +4 further than the condition line
  • NET-1333 - New Rule T0024: Place multiline ‘?’ and ‘:’ on separate lines
  • NET-1332 - New Rule T0022: Indent all parameters with the first one
  • NET-1331 - New Rule T0021: Use extension methods for Linq
  • NET-1329 - New Rule T0019: Indent operator correctly
  • NET-1328 - New Rule T0018: Move the operator to the beginning of the next line
  • NET-1327 - New Rule T0015: Move local function at the end of the method
  • NET-1237 - New Rule T0044: Don't add Arrange, Act, and Assert(s) comments
  • NET-1325 - Improve T0007: Raise on nondeclaring is { } check

10.9

Hello everyone!

This is a mega-hardening release! Enjoy 😄

False Positive

  • NET-1309 - Fix S2583 FP: Support overrides in IsImplementingInterfaceMember
  • NET-1308 - Fix S2583 FP: Add support for AddressOf operator
  • NET-1302 - Fix S4158 FP: Don't raise on GetEnumerator() calls
  • NET-1295 - Fix S3236 FP: Exclude Debug.Assert
  • NET-1290 - Fix S4158 FP: Support RouteValueDictionary in AspNetCore
  • NET-1289 - Fix S4158 FP: Adding methods with well defined semantics
  • NET-1288 - Fix S4158 FP: Recognize Add methods with bool return type
  • NET-1287 - Fix S4158 FP: Don't raise on SetValue
  • NET-1280 - Fix S2342 FP: Flaky reports
  • NET-1278 - Fix S3440 FP: Variable assignment and switch expression
  • NET-1246 - Fix S1481 FP: Don't report on discard like looking variables
  • NET-1242 - Fix S2583/S4158 FP: Support for collections that are initialized with object
  • NET-1241 - Fix S2589 FP: Don't track concurrent collections
  • NET-1230 - Fix S4158 FP: Immutable collections
  • NET-1223 - Fix S3267 FP: ref struct types cannot leave the stack
  • NET-1214 - Fix S2259 FP: Foreach loop over empty collection
  • NET-1212 - Fix S2259 FP: Learn bool from NotNull constraint and Null value
  • NET-1208 - Fix S2589 FP: Rule ignores case guards
  • NET-1207 - Fix S3966 FP: disposing element of indexable after declaration pattern
  • NET-1203 - Fix S3966 FP: Enumerating a collection of tuples
  • NET-1202 - Fix S2259 FP: Foreach nested in try, nested in loop
  • NET-1188 - Improve S4158 - Empty Collections should not be Enumerated
  • NET-1088 - Fix S3240 FP: Ignore when a conditional block contains a ternary
  • NET-800 - Fix S2259 FP: FlowCaptures in loops and try-regions

False Negative

  • NET-1299 - Fix S2053 FN: Support Copy methods
  • NET-1257 - Fix S4790 FN: New HashData overloads not recognized
  • NET-1194 - Fix S4158 FN: Collection Expressions (C# 12)
  • NET-357 - Fix S2068 FN: does not consider launchSettings.json files
  • NET-210 - Fix S4158 FN: AddRange with empty collection

Bug

  • NET-1267 - Fix S2068 bug: Issue location is out of range in web.config for elements or attributes with an xml namespace
  • NET-1184 - Roslyn rule import should map the issue severity to the Software Quality impact in SonarQube Server

Improvement

  • NET-1217 - Improve S3996: Set location to the property instead of record

10.8

A small release with a few improvements for S1172, S2222 and S4158:

False Positive

  • NET-1210 - Fix S4158 FP: collection filled by another function
  • NET-1168 - Fix S1172 FP: When parameter is used in local function in a null-conditional or null-coalescing statement

False Negative

  • NET-427 - Fix S2222 FN: Support locking via Lock object primitives
  • NET-1228 - Fix S4158 FN: Support LinkedList

Commits viewable in compare view.

---
updated-dependencies:
- dependency-name: SonarAnalyzer.CSharp
  dependency-version: 10.15.0.120848
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Aug 18, 2025
@dependabot dependabot bot force-pushed the dependabot/nuget/src/SonarAnalyzer.CSharp-10.15.0.120848 branch from f492c6c to 02bc31e Compare August 18, 2025 07:20
@dependabot dependabot bot added dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code labels Aug 18, 2025

coderabbitai bot commented Aug 18, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

