Releases: SonarSource/sonar-iac

1.42.0.14460

04 Feb 13:28

Release notes - SonarIac - 1.42

False Positive

SONARIAC-1680 S6975 should not raise issues on commonly used orders

SONARIAC-1811 S7026 should not raise an issue when usage of CURL is part of a complex command chain

New Feature

SONARIAC-1620 Support "else with" of Go 1.23 in Helm evaluation

Improvement

SONARIAC-1856 S7019 message should be improved and should not raise after SHELL instruction

1.41.0.14206

07 Jan 09:48

Release notes - SonarIac - 1.41

False Positive

SONARIAC-1773 S6570 should not raise when ARG doesn't contain globbing

1.40.0.13983

17 Dec 13:22

Release notes - SonarIac - 1.40

Bug

SONARIAC-1692 Dockerfile Jinja template should not be parsed

SONARIAC-1808 Bicep parser should not fail on union operator for array or variable declaration

SONARIAC-1816 Bicep parser should support extensions

SONARIAC-1845 ARM parser should not crash when parsing resources with symbolic name

False Negative

SONARIAC-1819 S6400: Update the list of resources that the Terraform analyzer detects

SONARIAC-1827 S6437 should raise on instructions part of the final image

False Positive

SONARIAC-1796 S6893 should not raise on Helm separators `{{`/`}}` in strings

SONARIAC-1817 S6400, S6302: Improve Terraform detection of Google Cloud roles

SONARIAC-1818 S6258: Improve S3 bucket logic

SONARIAC-1824 S117 should allow "$_" for ignored variables

SONARIAC-1840 S7031 should only raise on instructions in the final image

SONARIAC-1865 S6893 should not raise on comment for specific case with dash

Improvement

SONARIAC-1188 Deprecate S6245

SONARIAC-1668 S6868: Change rule type to Security Hotspot

SONARIAC-1750 S6473 should be configurable for Kubernetes

SONARIAC-1776 Support resources with symbolic name

SONARIAC-1833 S6255: Remove rule from default quality profile "SonarWay"

SONARIAC-1837 S6433: Remove rule from default quality profile "SonarWay"

1.39.0.13718

27 Nov 15:30

Release notes - SonarIac - 1.39

Bug

SONARIAC-1558 Heredoc parser shouldn't crash on empty heredoc

SONARIAC-1629 Bicep parser should support spread operator

SONARIAC-1634 Parser should not fail on case-insensitive equality operator

SONARIAC-1635 Parser should not fail on type references constructed from identifiers

SONARIAC-1674 Bicep parser should parse additional properties type suffix

SONARIAC-1793 Support nullable types in Bicep

SONARIAC-1794 Support array dereferenced via "[*]" syntax in Bicep

SONARIAC-1797 Bicep parser should support identifiers in types as suffix

SONARIAC-1802 All Kustomize files should be counted for telemetry

SONARIAC-1820 Bicep parser should support multiline string with quotes inside

SONARIAC-1821 S6584 should not raise on gdebi with --n option

New Feature

SONARIAC-1735 Share common logic between Kubernetes and Ansible

SONARIAC-1799 S6584 should raise on gdebi command when -n and --non-interactive options are missing

False Negative

SONARIAC-376 S6249 should raise on the sensitive RSPEC example

SONARIAC-1087 The test case files should have a valid file identifier

SONARIAC-1623 SpringConfiguration sensor misses files

SONARIAC-1624 S4423: Support detection of comma-separated properties

SONARIAC-1625 S4423: Add support for Rsocket enabled protocols

False Positive

SONARIAC-1121 S6595 shouldn't raise on gdebi package manager frontend

SONARIAC-1678 S6579 should not raise an issue when args are used in other args

SONARIAC-1679 S6587 should not raise an issue when a cache mount is defined with a variable

SONARIAC-1718 Rule S6954 should ignore empty properties

SONARIAC-1720 S6294 should not raise an issue for alternative log group declaration

SONARIAC-1737 S6954 shouldn't flag "userAssignedIdentities"

SONARIAC-1759 S6870: Add additional conditions for read-only detection

SONARIAC-1772 S6587 should not raise when used in multistage build

SONARIAC-1780 S6573 should not raise on heredoc

SONARIAC-1795 S6587 should not raise when cache is removed

Improvement

SONARIAC-1761 "community.kubernetes.k8s" should be detected as a Kubernetes module

SONARIAC-1806 Expand AzureResourceManager FilePredicate with http schema url

SONARIAC-1810 Updating to SONAR Source-Available License v1.0 (SSALv1)

1.38.0.13264

31 Oct 13:28

Rules metadata update.

1.37.0.12742

31 Oct 13:24

Release notes - SonarIac - 1.37

Bug

SONARIAC-1631 Bicep parser should parse array types

SONARIAC-1672 Update snake-yaml-engine to newest version

SONARIAC-1689 Helm analyzer doesn't work in SonarLint when modifying file and restart

New Feature

SONARIAC-1628 Kubernetes analyzer should store telemetric data about the kind of analyzed files

SONARIAC-1652 S1135 Track uses of "TODO" tags

SONARIAC-1653 S2260 Track parsing failures

SONARIAC-1654 Create predicate in Ansible analyzer to detect yaml file

Improvement

SONARIAC-1702 Add logs with time measures about IaC file predicate execution

1.36.0.12431

23 Sep 10:22
0e06180

Release notes - SonarIac - 1.36

Bug

SONARIAC-1475 Should not throw ClassCastException when decorator contains a dot

SONARIAC-1549 Bicep parser should support parsing object with comma-separated properties

SONARIAC-1587 Bicep parser should support safe-dereference operator

SONARIAC-1588 Bicep parser should support String starting with `#` and containing variable interpolation

SONARIAC-1618 Bicep parser should not fail on wildcard imports

SONARIAC-1632 Should not fail on array expressions with trailing commas

False-Positive

SONARIAC-1609 S7020 exception logic should be replaced with a more precise solution

1.35.0.12330

17 Sep 07:15
17c9345

Release notes - SonarIac - 1.35

Bug

SONARIAC-1574 Rule IDs of cfn-lint issues should be correctly imported

False-Positive

SONARIAC-976 S6249 should not raise when the Resource field of the bucket policy is a list

SONARIAC-1083 S6380 should not raise an issue when a child resource defined outside of its parent resource makes it compliant

SONARIAC-1084 S6648 should not raise an issue for expression

SONARIAC-1120 S6595 shouldn't raise when "install" command is part of ARG

SONARIAC-1122 S6500 should not raise an issue if the option `--no-install-recommends` is present anywhere in the command

SONARIAC-1295 S6504 should raise an issue independently from the file extension

SONARIAC-1482 S6270 should not raise when conditions are set

SONARIAC-1491 S6949 should not raise for "Global" location

SONARIAC-1595 S6505 should not raise an issue when `--ignore-script` is missing but env variable `YARN_ENABLE_SCRIPTS` is `false`

SONARIAC-1596 ARM rules should use ContextualResource in order to properly check existing resource

SONARIAC-1605 S6865: Change the detection logic to a more realistic one

SONARIAC-1607 S7026 should not raise an issue on wget/curl when specific request elements are specified

SONARIAC-1608 S7031 should not raise if consecutive RUN instructions have different options

SONARIAC-1610 S6587 should not raise if a cache mount is used

SONARIAC-1611 S117 should not raise an issue on variable name $ (dollar)

SONARIAC-1614 Improve precision of S1874 to reduce the FP rate

New Feature

SONARIAC-1272 S6333 should raise an issue for APIGatewayV2 HTTP API

False Negative

SONARIAC-1014 S6413 should raise an issue for AWS CloudWatch resource

SONARIAC-1099 S6388 detection logic for `virtualMachine` resource should be adapted

SONARIAC-1100 S6388 detection logic for `virtualMachineScaleSet` resource should be adapted

SONARIAC-1104 S5332 should raise if isHttpAllowed is set to true on Cdns/profiles/endpoints

Improvement

SONARIAC-402 Missing properties in issue/hotspot message should be surrounded with double quotes

SONARIAC-748 Improve "Why is this an issue?" for external CFNLint issues

SONARIAC-1006 S6382 should handle both old name `client_cert` and new name `client_certificate` in impacted resources

SONARIAC-1077 External Reports should adopt the new Clean Code Taxonomy

SONARIAC-1487 Implement syntax highlighting for keys in YAML files

SONARIAC-1619 Reporting an issue on a resource in bicep should highlight the symbolic name instead of the name attribute

1.34.0.12019

02 Sep 15:26
3dd6cb7

Release notes - SonarIac - 1.34

Bug

SONARIAC-1604 JvmFramework commentVisitor should not crash on empty array

New Feature

SONARIAC-1488 S6437: Support detection of Hardcoded Secrets for Micronaut configuration

SONARIAC-1493 S4423: Support detection of TLS Protocol Downgrades for Micronaut configuration

SONARIAC-1494 S4830: Support detection of insecure-trust-all-certificates in Micronaut configuration

SONARIAC-1505 S3330: Support detection of HttpOnly flag in Micronaut configuration

SONARIAC-1506 S2092: Support detection of Secure flag in Micronaut configuration

SONARIAC-1592 Modify spring-config extension to handle both Spring and Micronaut framework

Improvement

SONARIAC-706 External importers should accept wildcards in properties

1.33.1.11833

16 Aug 08:18
0420a67

Release notes - SonarIac - 1.33.1

Bug

SONARIAC-1581 Issue is reported on incorrect line with Go variable declaration

SONARIAC-1585 Filter shouldn't be pre-filtered from SonarLint module file system