Blog
Sonar's latest blog posts
What is Clean Code?
If you’ve followed us for a while, you most likely noticed that we changed the way we describe what we do: from “code quality” to “continuous code inspection,” then “code quality and code security”… to Clean Code.
But what is Clean Code, and what does it encompass?
Review your security vulnerabilities in GitHub with code scanning alerts
We’re happy to announce that SonarCloud integrates with GitHub code scanning! It’s available to everyone with a GitHub repository - private or public - independently of your SonarCloud plan. If you have access to the feature on GiHub and your organization admin already accepted the update for the SonarCloud app permissions, you’re all set! You should be able to start using the feature during your next code review.
Read Blog post >
Horde Webmail 5.2.22 - Account Takeover via Email
We recently discovered a code vulnerability in Horde Webmail that can be used by attackers to take over email accounts by sending a malicious email.
Read Blog post >
Zabbix - A Case Study of Unsafe Session Storage
In this article we discuss the security of client-side session storages and analyze a vulnerable implementation in the IT monitoring solution Zabbix.
Read Blog post >
WordPress < 5.8.3 - Object Injection Vulnerability
We discovered an interesting code vulnerability that could be used to bypass hardening mechanisms in the popular WordPress CMS.
Read Blog post >
How to disable XXE processing?
In this post, we will see how to completely disable external entities declaration and expansion, offering a quick and safe solution.
Read Blog post >
Don't be afraid of XXE vulnerabilities: understand the beast and how to detect them
Today XML External Entities (XXE) vulnerabilities are still ubiquitous, despite the fact that recommendations to protect against them have been an integral part of security standards for years. In this post, we will try to demystify XXE vulnerabilities and present the rule we put in place to help you detect and prevent them.
Read Blog post >
WordPress 5.8.2 Stored XSS Vulnerability
We reported a Stored XSS vulnerability in WordPress (CVE-2022-21662) which remained unpatched for more than 3 years and affected the wordpress.org website.
Read Blog post >
Vulnerability Research Highlights 2021
Our research team looks back at a great year and summarizes the highlights of their vulnerability research in 2021.
Read Blog post >
Modernizing your code with C++20
C++20 is here! It's a big release with many features designed to make your code easier, faster and safer. Let's see how the latest C++ analysis rules in SonarLint, SonarQube and SonarCloud can help us modernize our code to take advantage of some of the new features.
Read Blog post >
NodeBB 1.18.4 - Remote Code Execution With One Shot
We recently discovered three interesting code vulnerabilities in NodeBB 1.18.4, allowing attackers to compromise servers. Find out about the details in this article!
Read Blog post >
Code Security Advent Calendar 2021
Our code security advent calendar is back for the sixth consecutive year. We will release daily challenges until December 24th, get ready to fill your bag of tricks!
Read Blog post >