Update dependency SonarAnalyzer.CSharp to v9.26.0.92422

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
SonarAnalyzer.CSharp (source)	9.20.0.85982 -> 9.26.0.92422

---

Release Notes

SonarSource/sonar-dotnet (SonarAnalyzer.CSharp)

v9.26.0.92422: 9.26

Compare Source

New Rules

• 8871 - [C#] New rule S6932: Use model binding instead of reading raw request data
• 8992 - [C#] New rule S4347: Secure random number generators must not output predictable values
• 8996 - [C#] New rule S6781: JWT secret keys should not be disclosed
• 8982 - [C#] New rule S6377: XML signatures should be verified securely
• 8998 - [C#] New rule S5344: Passwords should not be stored in plain-text or with a fast hashing algorithm
• 8992 - [C#] New rule S4347: Secure random number generators must not output predictable values

Bug Fixes

• 8577 - Fix S2234 Bug: AD0001 is thrown due to referencing a location outside of the current compilation

Improvements

• 9282 - [C#] S6964: Issue is reported on the attribute instead of the property

False Positive

• 9360 - [C#] Fix S6964 FP: Properties decorated with the [BindNever] attribute
• 9337 - [C#] Fix S6964 FP: Add more attributes to the exclusions
• 9336 - [C#] Fix S6966 FP: Don't raise on XmlReader and XmlWriter methods
• 9331 - [C#] Fix S6964 FP: Property with a default value
• 9285 - [C#] Fix S6964 FP: Do not raise in properties with required modifier
• 9284 - [C#] Fix S6964 FP: Should not raise for reference properties in nullable context
• 9275 - [C#] Fix S6964 FP: Don't raise on properties annotated with the JsonRequiredAttribute
• 9269 - [C#] Fix S6966 FP: EntityFrameworks DbContext/DBSet Add/AddRange methods are preferred over their Asnyc counterpart
• 9265 - [C#] Fix S6966 FP: MongoDB Find can not be replaced by FindAsync
• 9252 - [C#] Fix S6934 FP: Abstract Controller base class
• 8985 - [C#] Fix S6934 FP: Attributes implementing IRouteTemplateProvider or inheriting from RouteAttribute
• 9318 - Fix S6966 FP: EntityFrameworks DbContext/DBSet Add/AddRange methods are preferred over their Async counterpart

False Negative

• 9263 - [C#] Fix S6964 FN: Rule should raise in case of value type property annotated with RequiredAttribute

v9.25.1.91650: 9.25.1

Compare Source

The latest Roslyn compiler version changes the way Razor files are compiled, and this hotfix release takes care of these changes. For more information check this issue.

Bug Fixes

• 9288 - [C#] Metrics analyzer for Razor: Lines of code are outside the range of the file

v9.25.0.90414: 9.25

Compare Source

Hello everyone,

This release comes with seven new rules for ASP.NET core alongside some improvements.
Enjoy!

New Rules

• 9096 - [C#] New Rule S6966: Awaitable method should be used
• 9095 - [C#] New Rule S6967: ModelState.IsValid should be called in controller actions
• 9094 - [C#] New Rule S6964: The value type properties of a model class should be nullable or marked as "Required" to avoid under-posting.
• 9093 - [C#] New rule S6968: Actions that return a value should be annotated with ProducesResponseTypeAttribute containing the return type
• 9092 - [C#] New rule S6965: You should use HttpAttribute in API controller actions
• 9091 - [C#] New rule S6962: You should pool HTTP connections with HttpClientFactory
• 9089 - [C#] New rule S6960: Controllers should not have too many responsibilities

Bug Fixes

• 9193 - Fix AD0001: Named Attribute Arguments in S6930

False Positive

• 9219 - [C#] Fix S1144 FP: Getters/Setters of property with attribute are being flagged

Improvements

• 9187 - Update RSPEC before 9.25 release
• 9186 - [C#] Rule S6961: Implement CodeFix

Rule deprecations and deletions

• 9175 - [VB.NET] Delete S2353: Remove deprecated rule
• 9189 - [C#] Deprecate S6803

v9.24.0.89429: 9.24

Compare Source

Hey everyone,
This release contains one new ASP.NET Rule (S6961) and several general improvements and fixes. Enjoy!

Improvements

• 9090 - [C#] New rule S6961 for C#: API Controllers should derive from ControllerBase instead of Controller
• 8696 - Fix coverage aggregation from multiple reports
• 9048 - Create SonarAnalyzer.CSharp.Styling project
• 7774 - [C#, VB.NET] Fix S1144: Nested type constructor accessibility is wrong in the rule message
• 8980 - Update RSPEC before 9.24 release

Bug Fixes

• 9113 - [C#, VB.NET] AD0001: ArgumentNullException in SymbolicExecutionRunner
• 8977 - [C#] CfgAllPathValidator AreAllSuccessorsValid Stack Overflow on Windows and error MSB6006 in Linux Codespaces

False Positive

• 9063 - [C#, VB.NET] Fix S2094 FP: Should not raise for messages
• 9062 - [C#, VB.NET] Fix S2094 FP: Documentation using the DefaultDocumentation package
• 7591 - [C#, VB.NET] Fix S2094 FP: Implicit parameterless constructor widens the scope of the base class constructor
• 8163 - [C#, VB.NET] Fix S3878 FP: Jagged arrays

False Negative

• 6724 - [C#, VB.NET] Fix S1144 FN: Unused private getters and private setters
• 6699 - [C#] Fix S1144 FN: Unused local functions

v9.23.2.88755: 9.23.2

Compare Source

Hello, everyone!

Today we are doing a bug fix release that also addresses a couple of false positives. We deprecated VB support for S6931 and removed the rule from the "Sonar Way" quality profile for VB.

Special thanks to @​Corniel for fixing #​9019!

Bug fix

• 9022 - S6931 and S6934 raises AD0001 warnings

Improvements

• 9075 - Update RSPEC before 9.23.2 release

False Positive

• 9011 - [C#] Fix S2094 FP: Primary constructor calling base class constructor
• 8905 - [C#, VB.NET] Fix S2259 FP: PropertyReference does not learn from the underlying symbol

v9.23.1.88495: 9.23.1

Compare Source

Bug Fixes

• 8984 - Fix StackOverflow in CfgAllPathValidator.AreAllSuccessorsValid
• 8991 - [C#, VB.NET] Fix TypeInitializationException in SymbolStartAnalysisContextWrapper

False Positive

• 8532 - [C#, VB.NET] Fix S1144 FP: Do not raise on serializable members

v9.23.0.88079: 9.23

Compare Source

Hello everyone!
This release comes with two new rules for ASP.NET, false positive fixes, and other improvements.

A big thank you to @​Corniel for their external contribution with #​8898!

New Rules

• 8872 - [C#] New rule S6934: You should specify the RouteAttribute when an HttpMethodAttribute is specified at an action level
• 8870 - [C#, VB.NET] New rule S6931: ASP.NET controller actions should not have a route template starting with "/"

False Positives

• 8898 - [C#] Fix S3993 FP: Allow abstract attributes not to decorate Attribute usage
• 8510 - [C#] Fix S3878 FP: When the input array is a collection expression with the spread operator
• 8260 - [C#] Fix S1117 FP: Field/property instances are not accessible from static methods
• 7709 - [C#] Fix S2094 FP: Marker interface not detected when using records
• 6633 - [C#] Fix S2857 FP: Rule is not checking SQL keywords in const interpolated string

Other improvements and fixes

• 8935 - [C#] Rule S6602: Improve the logging message when recommending for Array.Find
• 7999 - [C#] Fix S1125 codefix: Do not add ! when transforming x == false.

v9.22.0.87781: 9.22

Compare Source

New Rules

• 8869 - [C#, VB.NET] New rule S6930: Backslash should be avoided in route templates
• 8844 - [C#] New rule S3416: Loggers should be named for their enclosing types
• 8840 - [C#] New rule S6675: Trace.WriteLineIf should not be used with TraceSwitch levels
• 8847 - [C#] New rule S2139: Exceptions should be either logged or rethrown but not both
• 8845 - [C#] New rule S6664: Too many logging calls within a code block
• 8843 - [C#] New rule S6672: Generic logger injection should match enclosing type
• 8842 - [C#] New rule S6669: Logger field names should comply with a naming convention
• 8841 - [C#] New rule S6670: Trace.Write and Trace.WriteLine should not be used
• 8769 - [C#] New rule S6673: Log message template placeholders should be in the right order
• 8846 - [C#] New rule S1312: Logger fields should be private static readonly [Non-SonarWay]

False Positive

• 7088 - [C#, VB.NET] Fix S2589 FP: When local is assigned in for loop
• 8264 - [C#, VB.NET] Fix S2583 FP: Code wrongly considered unreachable
• 8891 - [C#] Fix S2629 FP: Allow concatenation of constants

v9.21.0.86780: 9.21

Compare Source

New Rules

• 8771 - [C#] New rule S6678: Use PascalCase for named placeholders
• 8770 - [C#] New rule S6674: Log message template should be syntactically correct
• 8768 - [C#] New rule S2629: Logging templates should be constant
• 8767 - [C#] New rule S6677: Named placeholders should be unique
• 8766 - [C#] New rule S6667: Exceptions should be passed as an argument when logging in a catch clause
• 8765 - [C#] New rule S6668: Logging arguments should be passed to the correct parameter

Improvements

• The following rules were promoted to the SonarWay profile: S127, S1244, S1696, S1192, S1994, S2701, S2955

Bug Fixes

• 8787 - [C#] Fix AD0001: SonarAnalyzer.Rules.CSharp.SymbolicExecutionRunner throws an exception on unknown Numeric Constraints

False Positive

• 8823 - [C#] Fix S2701 FP: avoid raising for xUnit Assert.True()
• 6772 - [C#] Fix S4507 FP: Error raised on .NET 7 although the debug feature is deactivated

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.