SonarJS 6.4

@andrey-tyukin-sonarsource andrey-tyukin-sonarsource released this 24 Aug 11:14
· 1636 commits to master since this release

New rules:

  • S2598: File uploads should be restricted (formidable)
  • S4502: Disabling CSRF protection is security-sensitive
  • S4507: Delivering code in production with debug features activated is security-sensitive
  • S5689: Recovering fingerprints from web application technologies should not be possible
  • S5691: Statically serving hidden files is security-sensitive
  • S5693: Allowing requests with excessive content length is security-sensitive

Improved rules:

  • S5122: now raised only when a permissive CORS policy is obvious; added support for the cors middleware.

Deprecated rules:

Changes in the requirements:

  • The plugin now requires Node.js 10
  • The plugin no longer relies on user-provided TypeScript: TypeScript is now shipped with the analyzer.
  • Support for solution-style tsconfigs
  • Very large files are now excluded from analysis by default (property sonar.javascript.maxFileSize controls the threshold)