Releases: SonarSource/sonar-kotlin

2.10.0

26 Jul 15:15
187f0a9

Release notes - SonarKotlin - Version 2.10

Bug

SONARKT-221 Links are broken in the manifest

SONARKT-211 Tests fail when running in environments with a dot in the path

SONARKT-203 Comment_lines metric should count '/**' comments and ignore blank lines and header-comment (if any)

SONARKT-197 S6316 should not crash when job declaration is not directly followed by a call to delay.

Documentation

SONARKT-218 Update docs to include available analyzer properties and an explanation

False-Positive

SONARKT-202 S1871 should not consider two method calls the same if they're calling different methods with the same name

SONARKT-199 S4830 misses exceptions being thrown in catch clauses

SONARKT-198 FP in S1128 in the presence of packages with the same unqualified name

Improvement

SONARKT-210 Support parsing of Kotlin 1.7 source code

SONARKT-206 Access properties 'sonar.java.binaries' and 'sonar.java.libraries' should be made using 'getStringArray' method

SONARKT-201 Update usage of sonar-plugin-api for libraries and binaries parameters

New Feature

SONARKT-217 Support parallelized generation of the BindingContext

SONARKT-200 Provide OWASP Top 10 2021 security standards for rules metadata

SONARKT-15 Being able to parse the code depending on the Kotlin version

Task

SONARKT-220 Update rules metadata

SONARKT-219 Upgrade external linter definitions

2.9.0

18 Jan 09:15
6ce4392

    Release Notes - Analyzer for Kotlin - Version 2.9

Bug

  • [SONARKT-195] - Kotlin compiler crashes during generation of the BindingContext

Task

  • [SONARKT-194] - Add metrics reporting from sonar-analyzer-commons

Improvement

  • [SONARKT-196] - Improve the performance of checks relying on the compiler diagnostics

2.8.0

07 Dec 14:04
133dc6d

    Release Notes - Analyzer for Kotlin - Version 2.8

Bug

  • [SONARKT-188] - Highlighting seems off on some regex findings
  • [SONARKT-192] - Scan logs only display "dummy.kt" as filename when there is an exception

Task

Improvement

False-Positive

  • [SONARKT-182] - S1128: FP on imports for annotations, delegates, overloaded operators and annotations
  • [SONARKT-183] - Kotlin compiler reports variables as unused with incomplete semantics
  • [SONARKT-187] - FP Regex issues when using string interpolation

2.7.0

16 Nov 11:16
9ab38ba

    Release Notes - Analyzer for Kotlin - Version 2.7

Bug

  • [SONARKT-171] - NoSuchElementException empty list of value parameters when checking for suspending function
  • [SONARKT-186] - Slow analysis speeds due to re-computation of semantics

Task

Improvement

  • [SONARKT-149] - S6300 should cover more methods that write to files

False Negative

  • [SONARKT-164] - S6293: Fix false-negatives for android.hardware.biometrics.BiometricPrompt

2.6.0

04 Nov 14:45

    Release Notes - Analyzer for Kotlin - Version 2.6

Bug

  • [SONARKT-172] - IllegalArgumentException in FunMatcher, when inferred return type is intersection
  • [SONARKT-184] - java.lang.IllegalArgumentException in rule S1874 when reporting on Enum constructor call

New Feature

  • [SONARKT-152] - Rule S5842: Regex repetition pattern's body should not match the empty String
  • [SONARKT-153] - Rule S5843: Regular expressions should not be too complicated
  • [SONARKT-154] - Rule S5846: Empty lines should not be tested with regex MULTILINE flag
  • [SONARKT-155] - Rule S5850: Alternatives in regular expressions should be grouped when used with anchors
  • [SONARKT-157] - Rule S5856: Regular expressions should be syntactically valid
  • [SONARKT-158] - Rule S5857: Regular expressions character classes should be preferred over non-greedy quantifiers
  • [SONARKT-161] - Rule S5867: Unicode-aware versions of character classes should be preferred
  • [SONARKT-162] - Rule S5868: Unicode Grapheme Clusters should be avoided inside regex character classes
  • [SONARKT-163] - Rule S5869: Character classes in regular expressions should not contain the same character twice

Task

Improvement

2.5.0

22 Oct 08:46

    Release Notes - Analyzer for Kotlin - Version 2.5

New Feature

  • [SONARKT-165] - Rule S4507: Add WebView debug settings
  • [SONARKT-168] - Rule S6362: Enabling JavaScript support for WebViews is security-sensitive
  • [SONARKT-170] - Rule S6363: Enabling file access for WebViews is security-sensitive

Improvement

  • [SONARKT-174] - Rule S5332: support Android WebView insecure mixed content policy

2.4.0

14 Oct 13:43
b9c853b

    Release Notes - Analyzer for Kotlin - Version 2.4

New Feature

  • [SONARKT-116] - Rule S6202: Operator "is" should be used instead of "isInstance" functions
  • [SONARKT-118] - Rule S4738: Kotlin features should be used instead of Guava
  • [SONARKT-120] - Rule S2151: "runFinalizersOnExit" should not be called
  • [SONARKT-121] - Rule S2122: "ScheduledThreadPoolExecutor" should not have 0 core threads
  • [SONARKT-125] - Rule S1143: "return" statements should not occur in "finally" blocks
  • [SONARKT-126] - Rule S2123: Values should not be uselessly incremented
  • [SONARKT-127] - Rule S6218: Equals should be overridden in the data class with array fields

Task

False-Positive

  • [SONARKT-176] - S1128: FP on imports from named companion objects

2.3.0

01 Oct 12:09

    Release Notes - Analyzer for Kotlin - Version 2.3

Bug

  • [SONARKT-147] - NPE S1133(DeprecatedCodeCheck) for deprecated constructor

New Feature

  • [SONARKT-142] - Rule S5320: Broadcasting intents is security-sensitive
  • [SONARKT-143] - Rule S5322: Receiving intents is security-sensitive
  • [SONARKT-144] - Rule S2053: Hashes should include an unpredictable salt
  • [SONARKT-145] - Rule S4347: "SecureRandom" seeds should not be predictable

False-Positive

  • [SONARKT-139] - S1128: FP despite reference to constant in companion object of target class

False Negative

  • [SONARKT-166] - S5320 should raise on Activity or any sub classes of Context
  • [SONARKT-167] - S5322 should raise on Activity or any sub classes of Context

2.2.0.499

08 Sep 08:27
5dd102b

    Release Notes - Analyzer for Kotlin - Version 2.2

Bug

  • [SONARKT-34] - Issue suppression should work for S3776 (Cognitive Complexity)

New Feature

  • [SONARKT-48] - Rule S6301: Mobile database encryption keys should not be disclosed
  • [SONARKT-54] - Rule S5612: Lambdas should not have too many lines
  • [SONARKT-61] - Rule S6291: Using unencrypted databases in mobile applications is security-sensitive
  • [SONARKT-68] - Rule S5324: Accessing Android external storage is security-sensitive
  • [SONARKT-69] - Rule S6300: Using unencrypted files in mobile applications is security-sensitive
  • [SONARKT-100] - S1128: Unnecessary imports should be removed
  • [SONARKT-106] - Rule S1133: Deprecated code should be removed
  • [SONARKT-107] - Rule S1874: Deprecated code should not be used

Task

  • [SONARKT-55] - Move to more modern JSON parsing library - Gson
  • [SONARKT-109] - Update SonarLint version tested in our ITs

Improvement

False-Positive

  • [SONARKT-42] - Fix FP in rule S1192 when String literal is detected in annotations
  • [SONARKT-108] - Fix FP in S1144 when special are present

False Negative

  • [SONARKT-101] - Fix false-negatives in S1481 UnusedLocalVariableCheck

2.1.0.344

02 Aug 20:52

    Release Notes - Analyzer for Kotlin - Version 2.1

New Feature

  • [SONARKT-50] - Rule S6288: Authorizing non-authenticated users to use keys in the Android KeyStore is security-sensitive
  • [SONARKT-59] - Rule S6293: Using a biometric authentication independent of a cryptographic solution is security-sensitive
  • [SONARKT-88] - S6306: Coroutine usage should adhere to structured concurrency principles
  • [SONARKT-89] - S6307: Suspending functions should be main-safe
  • [SONARKT-90] - S6310: Dispatchers should be injectable
  • [SONARKT-91] - S6311: Suspending functions should be called on the caller's thread
  • [SONARKT-92] - S6313: ViewModel classes should create coroutines
  • [SONARKT-93] - S6315: The return value of "async" should be used
  • [SONARKT-94] - S6318: "suspend" modifier should not be redundant
  • [SONARKT-95] - S6316: Kotlin coroutines api for timeouts should be used
  • [SONARKT-96] - S6314: Flow intermediate operation results should not be left unused
  • [SONARKT-97] - S6312: Extension functions on CoroutineScope should not have `suspend` modifier
  • [SONARKT-98] - S6309: Functions returning Flow/Channel should not be suspending
  • [SONARKT-99] - S6305: Don’t expose MutableStateFlow & MutableSharedFlow

Task

  • [SONARKT-51] - Migrate Groovy build scripts to Kotlin DSL

Improvement

False-Positive

  • [SONARKT-82] - Fix false-positives in S1172 UnusedFunctionParameterCheck
  • [SONARKT-84] - Fix false-positives in S1144 UnusedPrivateMethodCheck

False Negative

  • [SONARKT-83] - Fix false-negatives in S1172 UnusedFunctionParameterCheck
  • [SONARKT-85] - Fix false-negatives in S3776 FunctionCognitiveComplexityCheck