Merge pull request #18 from Softlr/feature/new-sonarqube-rules-added

New sonarqube rules added

.sonarlint/Softlr.Suppress.slconfig

@@ -8,7 +8,7 @@
   "Profiles": {
     "CSharp": {
       "ProfileKey": "AWETMlGEr86VThkHOK_x",
-      "ProfileTimestamp": "2018-11-14T21:10:11+01:00"
+      "ProfileTimestamp": "2018-11-29T11:14:41+01:00"
     }
   }
 }

.sonarlint/softlr.suppressCSharp.ruleset

@@ -64,6 +64,7 @@
     <Rule Id="S1451" Action="None" />
     <Rule Id="S1479" Action="Warning" />
     <Rule Id="S1481" Action="Warning" />
+    <Rule Id="S1523" Action="Warning" />
     <Rule Id="S1541" Action="Warning" />
     <Rule Id="S1607" Action="Warning" />
     <Rule Id="S1643" Action="Warning" />
@@ -89,6 +90,7 @@
     <Rule Id="S1994" Action="Warning" />
     <Rule Id="S2068" Action="Warning" />
     <Rule Id="S2070" Action="Warning" />
+    <Rule Id="S2077" Action="Warning" />
     <Rule Id="S2092" Action="Warning" />
     <Rule Id="S2114" Action="Warning" />
     <Rule Id="S2123" Action="Warning" />
@@ -168,6 +170,7 @@
     <Rule Id="S2997" Action="Warning" />
     <Rule Id="S3005" Action="Warning" />
     <Rule Id="S3010" Action="Warning" />
+    <Rule Id="S3011" Action="Warning" />
     <Rule Id="S3052" Action="Warning" />
     <Rule Id="S3060" Action="Warning" />
     <Rule Id="S3168" Action="Warning" />
@@ -342,10 +345,24 @@
     <Rule Id="S4456" Action="Warning" />
     <Rule Id="S4457" Action="Warning" />
     <Rule Id="S4462" Action="Warning" />
+    <Rule Id="S4507" Action="Warning" />
     <Rule Id="S4524" Action="Warning" />
+    <Rule Id="S4529" Action="Warning" />
     <Rule Id="S4564" Action="Warning" />
     <Rule Id="S4581" Action="Warning" />
     <Rule Id="S4586" Action="Warning" />
+    <Rule Id="S4721" Action="Warning" />
+    <Rule Id="S4784" Action="Warning" />
+    <Rule Id="S4787" Action="Warning" />
+    <Rule Id="S4790" Action="Warning" />
+    <Rule Id="S4792" Action="Warning" />
+    <Rule Id="S4797" Action="Warning" />
+    <Rule Id="S4817" Action="Warning" />
+    <Rule Id="S4818" Action="Warning" />
+    <Rule Id="S4823" Action="Warning" />
+    <Rule Id="S4825" Action="Warning" />
+    <Rule Id="S4829" Action="Warning" />
+    <Rule Id="S4834" Action="Warning" />
     <Rule Id="S818" Action="Warning" />
     <Rule Id="S881" Action="Warning" />
     <Rule Id="S907" Action="Warning" />

appveyor.yml

@@ -8,11 +8,11 @@ skip_branch_with_pr: true
 skip_commits:
   message: /\[(skip ci|ci skip)\]/
 
-version: 1.3.1.{build}
+version: 1.4.0.{build}
 image: Visual Studio 2017
 
 install:
-  - choco install msbuild-sonarqube-runner -y
+  - choco install sonarscanner-msbuild-net46 -y
   - choco install opencover.portable -y
   - choco install codecov -y
 
@@ -31,7 +31,7 @@ build_script:
   - dotnet build -c Release
 
 after_build:
-  - ps: dotnet pack -c Release --include-symbols --include-source --no-build -o $env:APPVEYOR_BUILD_FOLDER /p:Version=1.3.1
+  - ps: dotnet pack -c Release --include-symbols --include-source --no-build -o $env:APPVEYOR_BUILD_FOLDER /p:Version=1.4.0
 
 test_script:
   - dotnet test test\Softlr.Suppress.Tests -c Release --no-build
@@ -54,7 +54,7 @@ deploy:
   - provider: GitHub
     on:
       branch: master
-    release: 1.3.1
+    release: 1.4.0
     artifact: /.*\.nupkg/
     auth_token:
       secure: r+IxpBcxWvxwGdiNvsHFEWa0wa8WPzw3uRi+1/ObwPoGS16bzG9FObtJIsFdmj0L

src/Softlr.Suppress/Softlr.Suppress.csproj

@@ -20,7 +20,7 @@
     <PackageReference Include="JetBrains.Annotations" Version="2018.2.1">
 		<PrivateAssets>all</PrivateAssets>
 	</PackageReference>
-    <PackageReference Include="SonarAnalyzer.CSharp" Version="7.8.0.7320">
+    <PackageReference Include="SonarAnalyzer.CSharp" Version="7.9.1.7622">
 		<PrivateAssets>all</PrivateAssets>
 		<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 	</PackageReference>

src/Softlr.Suppress/Suppress.SonarQube.cs

@@ -86,6 +86,7 @@ public static partial class Suppress
         public const string S1451 = "S1451:Track lack of copyright and license headers";
         public const string S1479 = "S1479:switch statements should not have too many case clauses";
         public const string S1481 = "S1481:Unused local variables should be removed";
+        public const string S1523 = "S1523:Dynamically executing code is security-sensitive";
         public const string S1541 = "S1541:Methods and properties should not be too complex";
         public const string S1607 = "S1607:Tests should not be ignored";
         public const string S1643 = "S1643:Strings should not be concatenated using '+' in a loop";
@@ -124,6 +125,7 @@ public static partial class Suppress
             "S2070:SHA-1 and Message-Digest hash algorithms should not be used in secure contexts";
 
         public const string S2076 = "S2076:OS commands should not be vulnerable to injection attacks";
+        public const string S2077 = "S2077:Executing SQL queries is security-sensitive";
         public const string S2078 = "S2078:LDAP queries should not be vulnerable to injection attacks";
         public const string S2083 = "S2083:I/O function calls should not be vulnerable to path injection attacks";
         public const string S2091 = "S2091:XPath expressions should not be vulnerable to injection attacks";
@@ -151,7 +153,7 @@ public static partial class Suppress
         public const string S2228 = "S2228:Console logging should not be used";
         public const string S2234 = "S2234:Parameters should be passed in the correct order";
         public const string S2245 = "S2245:Using pseudorandom number generators (PRNGs) is security-sensitive";
-        public const string S2255 = "S2255:Storing personal data in cookies is security-sensitive";
+        public const string S2255 = "S2255:Using cookies is security-sensitive";
         public const string S2259 = "S2259:Null pointers should not be dereferenced";
         public const string S2275 = "S2275:Composite format strings should not lead to unexpected behavior at runtime";
         public const string S2278 = "S2278:Neither DES (Data Encryption Standard) nor DESede (3DES) should be used";
@@ -221,6 +223,7 @@ public static partial class Suppress
         public const string S2997 = "S2997:IDisposables created in a using statement should not be returned";
         public const string S3005 = "S3005:ThreadStatic should not be used on non-static fields";
         public const string S3010 = "S3010:Static fields should not be updated in constructors";
+        public const string S3011 = "S3011:Changing or bypassing accessibility is security-sensitive";
         public const string S3052 = "S3052:Members should not be initialized to default values";
         public const string S3060 = "S3060:is should not be used with this";
         public const string S3168 = "S3168:async methods should not return void";
@@ -425,10 +428,27 @@ public static partial class Suppress
         public const string S4456 = "S4456:Parameter validation in yielding methods should be wrapped";
         public const string S4457 = "S4457:Parameter validation in async/await methods should be wrapped";
         public const string S4462 = "S4462:Calls to async methods should not be blocking";
+
+        public const string S4507 =
+            "S4507:Delivering code in production with debug features activated is security-sensitive";
+
         public const string S4524 = "S4524:default clauses should be first or last";
+        public const string S4529 = "S4529:Exposing HTTP endpoints is security-sensitive";
         public const string S4564 = "S4564:ASP.NET HTTP request validation feature should not be disabled";
         public const string S4581 = "S4581:new Guid() should not be used";
         public const string S4586 = "S4586:Non-async Task/Task<T> methods should not return null";
+        public const string S4721 = "S4721:Executing OS commands is security-sensitive";
+        public const string S4784 = "S4784:Using regular expressions is security-sensitive";
+        public const string S4787 = "S4787:Encrypting data is security-sensitive";
+        public const string S4790 = "S4790:Hashing data is security-sensitive";
+        public const string S4792 = "S4792:Configuring loggers is security-sensitive";
+        public const string S4797 = "S4797:Handling files is security-sensitive";
+        public const string S4817 = "S4817:Executing XPath expressions is security-sensitive";
+        public const string S4818 = "S4818:Using Sockets is security-sensitive";
+        public const string S4823 = "S4823:Using command line arguments is security-sensitive";
+        public const string S4825 = "S4825:Sending HTTP requests is security-sensitive";
+        public const string S4829 = "S4829:Reading the Standard Input is security-sensitive";
+        public const string S4834 = "S4834:Controlling permissions is security-sensitive";
         public const string S818 = "S818:Literal suffixes should be upper case";
 
         public const string S881 =

test/Softlr.Suppress.Tests/Softlr.Suppress.Tests.csproj

@@ -12,10 +12,10 @@
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="codecracker.CSharp" Version="1.1.0" />
-    <PackageReference Include="FluentAssertions" Version="5.5.0" />
+    <PackageReference Include="FluentAssertions" Version="5.5.3" />
     <PackageReference Include="JetBrains.Annotations" Version="2018.2.1" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.9.0" />
-    <PackageReference Include="SonarAnalyzer.CSharp" Version="7.8.0.7320">
+    <PackageReference Include="SonarAnalyzer.CSharp" Version="7.9.1.7622">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
     </PackageReference>