SonarSource is pleased to announce the release of the SonarQube C# plugin 4.4 along with SonarQube Scanner for MSBuild 1.1.
SonarQube C# plugin 4.4 embeds the following 22 new rules while SonarQube Scanner for MSBuild 1.1 makes the analysis ultimately accurate by executing the analysis during the build.
List of 22 new rules:
- “async” methods should not return “void” (bug)
- “base.Equals” should not be used to check for reference equality in “Equals” if “base” is not “object” (bug)
- “ConfigureAwait(false)” should be used (multi-threading, suspicious)
- Attribute, EventArgs, and Exception type names should end with the type being extended (convention)
- Culture should be specified for String operations (unpredictable)
- Enumeration type names should not have “Flags” or “Enum” suffixes (convention)
- Exceptions should not be thrown from property getters (error-handling)
- Flags enumerations should explicitly initialize all their members (bug)
- Flags enumerations zero-value members should be named “None” (convention)
- Method calls should not resolve ambiguously to overloads with “params” (pitfall)
- Method overloads with default parameter values should not overlap (pitfall, unused)
- Multiple variables should not be declared on the same line (convention)
- Optional parameters should not be used (pitfall)
- Overflow checking should not be disabled for “Enumerable.Sum” (error-handling, security)
- Public constant members should not be used (convention)
- Public methods should not have multidimensional array parameters (pitfall)
- Statements should be on separate lines (convention)
- Strings should not be concatenated using “+” in a loop (performance)
- The length returned from a stream read should be checked (bug)
- “FIXME” tags should be handled
- “TODO” tags should be handled
- Write-only properties should not be used (pitfall)
Have a look to this post by Duncan Pocklington on the Microsoft Application Lifecyle Management blog to better and deeply understand what means “static analysis now executed during the build”.
For more information about the content of those two releases, please read the C# plugin 4.4 release notes or the SonarQube Scanner for MSBuild 1.1 release notes. You can install or update the plugin via the Update Center and the new version of the SonarQube Scanner for MSBuild is available here.