Hi,
This release focuses on Security Hotspot rules, which identify security-sensitive areas of code. A hotspot is not a vulnerability by itself: the rules guide Security Analysts during code review so they can determine whether the flagged code is actually vulnerable.
This new set of Security Hotspot rules finds some of the most common security-sensitive code patterns, such as executing regular expressions or encrypting data.
Each rule explains the danger which might be lurking, lists the questions which should be answered to find out whether the code is vulnerable or not, and provides recommendations. The rules are enabled by default, and the hotspots they raise should be reviewed in SonarQube's Security Reports space.
SonarJS 5.1 brings 15 new Security Hotspot rules:
- Rule S5122: Enabling Cross-Origin Resource Sharing is security-sensitive
- Rule S4825: Sending HTTP requests is security-sensitive
- Rule S4784: Using regular expressions is security-sensitive
- Rule S4817: Executing XPath expressions is security-sensitive
- Rule S2077: Executing SQL queries is security-sensitive
- Rule S4790: Hashing data is security-sensitive
- Rule S4818: Using Sockets is security-sensitive
- Rule S4529: Exposing HTTP endpoints is security-sensitive
- Rule S4797: Handling files is security-sensitive
- Rule S4787: Encrypting data is security-sensitive
- Rule S2255: Using cookies is security-sensitive
- Rule S4823: Using command line arguments is security-sensitive
- Rule S4829: Reading the Standard Input is security-sensitive
- Rule S4721: Executing OS commands is security-sensitive
- Rule S2245: Using pseudorandom number generators (PRNGs) is security-sensitive