Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-15390

Improve Injection Rules analysis: execution time divided by two in average, PHP WordPress support and better precision of Python checks

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 9.1
    • Component/s: None
    • Edition:
      Community
    • Production Notes:
      None

      Description

      • The execution time of Injection Rules (taint analyzer) was reduced by two in average (the impact can be up to 90% reduction time for huge project). This was made possible by running the all the injection rules in a single run instead of running the code simulation for each rules. This works for Java, C#, PHP, Python, JS and TS.
      • The PHP security analyzer now support WordPress; sources, sinks, hooking system
      • The Python security analyzer is now string sensitive which allows us to provide you more accurate results (less FPs, more TPs)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              belen.pruvost Belén Pruvost
              Reporter:
              sonarqube.tech SonarQube Technical user
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: