  1. SonarQube
  2. SONAR-14219

Improve C and C++ analysis - 4 security rules, 21 new rules for C++17, Clang frontend updated to version 11

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 8.6
    • Component/s: None
    • Edition:
      Community
    • Production Notes:
      None

      Description

      4 security rules

      • S2068: Credentials should not be hard-coded
      • S2245: Using pseudorandom number generators (PRNGs) is security-sensitive
      • S5443: Using publicly writable directories is security-sensitive
      • S5042: Expanding archive files is security-sensitive

      21 new rules for C++17

      • S6005: Structured binding should be used
      • S6003: Emplacement should be preferred when insertion creates a temporary with sequence containers
      • S6004: "if" and "switch" initializer should be used
      • S6007: [[nodiscard]] should be used when the return value of a function should not be ignored
      • S5566: Support "any_of", "all_of" and "none_of"
      • S6015: "std::uncaught_exception" should not be used
      • S6009: "std::string_view" should be used to pass a read-only string to a function
      • S6022: "std::byte" should be used when you need byte-oriented memory access
      • S6018: Inline variables should be used to declare global variables in header files
      • S6016: "[*this]" should be used to capture the current object by copy
      • S6006: "as_const" should be used
      • S6023: "std::optional" member function "value_or" should be used
      • S5997: "scoped_lock" should be preferred over "lock_guard"
      • S6030: "try_emplace" should be used with "std::map" and "std::unordered_map"
      • S6033: "emplace" should be preferred over "insert" with "std::set" and "std::unordered_set"
      • S6013: "static_assert" with no message should be used over "static_assert" with empty or redundant message
      • S5999: a "scoped_lock" should not be created without arguments
      • S6011: Objects should not be created solely to be passed as arguments to functions that perform delegated object creation
      • S6031: The right template argument should be specified for std::forward
      • S6032: Unnecessary expensive copy should be avoided when using auto as a placeholder type
      • S6045: Transparent comparator should be used with associative "std::string" containers

      Coverage

      • Bullseye: add support for v6 reports

              People

              Assignee:
              mathieu.suen Mathieu Suen
              Reporter:
              sonarqube.tech SonarQube Technical user