Releases: SonarSource/sonar-iac

1.31.0.10579

27 May 13:02
3c741b3

Release notes - SonarIac - 1.31

Bug

SONARIAC-1322 Empty file suffixes are not substituted with defaults with SQ 10.4

SONARIAC-1392 Should not throw parse exception strconv.Atoi when reading _resources.tpl

SONARIAC-1485 Docker parser should not create invalid offset on multiline bash script

False-Positive

SONARIAC-437 S6258 should not raise on Azure Storage Account logging

SONARIAC-789 Take dynamic blocks into account when detecting absence of properties

SONARIAC-855 S6437 Refine openssl secret generation command detection

SONARIAC-1008 S4423 Add support for Azure MSSQL

SONARIAC-1009 S4423 Weak SSL/TLS protocols should not be detected when using AWS API Gateway

SONARIAC-1030 S6330 Should consider correct default queue encryption (SSE-SQS)

SONARIAC-1035 S4423 should not report missing property for Azure resources with azurerm >= 3.0

SONARIAC-1096 S6380 ARM Detection logic needs to be adjusted

SONARIAC-1141 S6587 should not raise on apt-get when installing a local package

SONARIAC-1260 S6596 should not raise an issue on docker special image `scratch`

SONARIAC-1418 S6596 should not raise on references to previous build stages when previous stage is unresolvable

SONARIAC-1465 S1192 should not raise on strings that are formatted

SONARIAC-1467 S6380 should not raise on storageAccounts when allowBlobPublicAccess is not set

SONARIAC-1468 S1192 should not raise on module path

False Negative

SONARIAC-784 S6413 should be raised when insights block is missing or disabled

SONARIAC-1022 S6506 Detection should not be thwarted by addition of parameters

SONARIAC-1023 S6245 Checking AWS::S3::Bucket should not rely on properties

Improvement

SONARIAC-1489 Deprecate S6869: CPU limits should be enforced

1.30.0.10357

16 May 09:21
20386ea

Release notes - SonarIac - 1.30

Bug

SONARIAC-1451 Properties grammar should accept key that contains comments indicators

SONARIAC-1459 Resolve Parsing Issues on Spring Configuration Files

New Feature

SONARIAC-1393 S6437: Support detection of Hardcoded Secrets for Spring configuration

SONARIAC-1394 S5693: Support detection of Excessive File Upload Size Limit for Spring configuration

SONARIAC-1395 S4507: Support detection of enabled Debug Features in Spring configuration

SONARIAC-1396 S4423: Support detection of TLS Protocol Downgrades for Spring configuration

SONARIAC-1397 S2092: Support detection of misconfigured "Secure" cookie flags in Spring configuration

SONARIAC-1398 S3330: Support detection of misconfigured "HttpOnly" cookie flags in Spring configuration

SONARIAC-1430 Implement "SpringConfigSensor"

SONARIAC-1431 Convert parsed properties file to "SpringConfigTree"

SONARIAC-1432 Onboard the "spring-config" extension into the sonar-iac plugin

SONARIAC-1435 Generate Parser and Visitor with ANTLR for properties file

SONARIAC-1437 Implement metrics and highlighting visitors for .properties files

SONARIAC-1438 Implement "SpringConfig"

SONARIAC-1439 Implement a converter from YAML tree to "SpringConfig"

SONARIAC-1446 Implement "SpringConfigParser"

SONARIAC-1448 S2260: Java parsing failure

SONARIAC-1449 S1135: Track uses of TODO tags in Spring configuration files

Improvement

SONARIAC-1458 Narrow the scope of YAML files considered by the spring-config sensor

1.29.0.10169

06 May 13:37

Release notes - SonarIac - 1.29

Improvement

SONARIAC-1419 JSON filenames containing compile_commands should be excluded

1.28.0.9889

23 Apr 10:46
9f13824

Release notes - SonarIac - 1.28

Bug

SONARIAC-882 ARM JSON: support template expressions

SONARIAC-1360 Shouldn't throw Exceptions when highlighting issue location

False-Positive

SONARIAC-1429 S1192: String literals should be raised less often

New Feature

SONARIAC-1370 S117: Parameter and variable names should comply with a naming convention

SONARIAC-1371 S6874: Use a hard-coded value for the apiVersion

SONARIAC-1372 S6949: Don't hardcode resource locations

SONARIAC-1373 S6952: Redundant explicit dependencies between resources should be removed

SONARIAC-1374 S1481: Unused local variables should be removed

SONARIAC-1375 S1192: String literals should not be duplicated

SONARIAC-1376 S6953: Don't use "allowedValues" for a location parameter

SONARIAC-1379 S6955: Unused parameters should be removed

SONARIAC-1380 S6954: Elements should not be empty or null

SONARIAC-1381 S6956: The properties and elements inside a template should appear in the recommended order

SONARIAC-1382 S4507: Delivering code in production with debug features activated is security-sensitive

SONARIAC-1384 S6437: Credentials should not be hard-coded

SONARIAC-1400 Logic for Tracking Variable Usage in Azure Resource Manager Templates and Bicep Files

SONARIAC-1401 Logic for Tracking Parameter Usage in Azure Resource Manager Templates and Bicep Files

Improvement

SONARIAC-1410 Improve Logic for Tracking Symbol Usage in Azure Resource Manager Templates and Bicep files

SONARIAC-1425 Split S6956 implementation into 2 rules

1.27.0.9518

02 Apr 12:00
af60511

Release notes - SonarIac - 1.27

Bug

SONARIAC-1290 Highlighting an issue directly before {{- end -}} results in highlighting the wrong line

SONARIAC-1308 Shouldn't include the next line in a shifted issue's text range

SONARIAC-1319 Should not evaluate templates when Chart.yaml is missing

SONARIAC-1383 Bicep parsing shouldn't fail if a string literal starts with a comment

New Feature

SONARIAC-1131 Report secondary locations in values.yaml for existing Kubernetes checks

SONARIAC-1154 Resolve values locations in values.yaml

SONARIAC-1301 Provide metrics of Helm Chart files

SONARIAC-1343 Publish values file to SQ

SONARIAC-1345 Highlight precise simple value in Helm expression in primary location

SONARIAC-1346 Highlight precise array values in Helm expression in primary location

SONARIAC-1347 Highlight precise loops in Helm expression in primary location

SONARIAC-1351 Precise primary location for "include" function in Helm expression

SONARIAC-1353 Highlight precise simple not-evaluated value in Helm file in primary location

SONARIAC-1355 Enable parsing of comment nodes in the Go template AST

SONARIAC-1356 Provide precise node lengths in the Go template AST

SONARIAC-1357 Raise Kubernetes issues on yaml values instead of key-value pairs

Improvement

SONARIAC-703 Add custom assertion for ExternalIssues

SONARIAC-1363 Comment at the end of YAML files should be assigned to the root node

SONARIAC-1385 Catch IllegalArgumentException when reporting issues to SensorContext

SONARIAC-1386 Do not raise issue for K8s limit rules when LimitRange is detected

1.26.0.8471

29 Jan 15:09
f290db6

Release notes - SonarIac - 1.26

Bug

SONARIAC-1258 ".Capabilities.APIVersions.Has" should be evaluated correctly

SONARIAC-1267 Should not throw ClassCastException when Helm evaluated template contains literal style and empty lines

SONARIAC-1268 Should not throw NullPointerException Cannot read field "originalLineSize"

SONARIAC-1270 Should not throw IllegalArgumentException: 23 is not a valid line for pointer

SONARIAC-1271 Should not fail parsing unquoted text

SONARIAC-1276 Should discover root directory for deeply nested template files

SONARIAC-1279 Shouldn't fail the analysis on an architecture not supported by sonar-helm-for-iac

SONARIAC-1282 Shouldn't try to raise ParseExceptions with invalid text pointer

SONARIAC-1283 Should not throw exception "-1 is not a valid line offset for a file"

SONARIAC-1285 Fix aggregation of additional helm files for windows

SONARIAC-1286 Should not fail parsing when literal style at the end of evaluated template

False-Positive

SONARIAC-1143 ARM rules should not check attributes on `existing` resources

New Feature

SONARIAC-1134 Evaluate loops in Helm files

SONARIAC-1190 S6864: Memory limits should be enforced

SONARIAC-1200 S6865: Service account tokens should not be mounted in pods

SONARIAC-1203 S6867: Wildcards should not be used to define RBAC permissions

SONARIAC-1205 S6868: Allowing command execution is security sensitive

SONARIAC-1211 S6869: CPU limits should be enforced

SONARIAC-1226 S5332: Using clear-text protocols is security-sensitive

SONARIAC-1227 S6870: Storage limits should be enforced

SONARIAC-1229 S6473: Exposing administration services is security-sensitive

SONARIAC-1263 Detect ConfigMaps, Secrets and other Kubernetes files for analysis

SONARIAC-1274 Improve template processing by adding missing Sprig function

Improvement

SONARIAC-1202 Helm files should be detected even if they don't satisfy KubernetesFilePredicate

SONARIAC-1250 Update golang.org/x/crypto to 0.17.0

SONARIAC-1261 Unblock reading helm process error stream

SONARIAC-1287 Reduce logging level of known parse exceptions

1.25.0.8192

17 Jan 16:26
1a88cdc

Release notes - SonarIac - 1.25

Bug

SONARIAC-1256 Fix incorrect transfer of files between Java and Go Code

SONARIAC-1257 `.Chart` object's keys should be capitalized

SONARIAC-1262 Should support "join" function in Helm charts

SONARIAC-1264 Helm analysis should not fail if repository contains empty file

SONARIAC-1266 Should not throw ClassCastException when Helm template contains multiple documents

New Feature

SONARIAC-1176 Implement "include" function for Helm template evaluation

SONARIAC-1177 Implement "tpl" function for Helm template evaluation

SONARIAC-1201 Support built-in Helm objects in template evaluation

SONARIAC-1231 Evaluate all files of Chart directory in Go Engine

SONARIAC-1232 Evaluate dependent files in Go Engine

Improvement

SONARIAC-1185 Values file should be found for templates in subfolders

SONARIAC-1219 Create a Docker Image to build go binaries

SONARIAC-1225 Pass all files of the Helm project directory to HelmEvaluator

SONARIAC-1248 Fix code coverage after migration to Gradle

SONARIAC-1254 Files from `templates/` directory should be prefixed with chart name before evaluation

1.24.0.7839

28 Dec 10:46
b3a3fc0

Release notes - SonarIac - 1.24

Bug

SONARIAC-1183 HelmPreprocessor crashes on some files

SONARIAC-1187 KubernetesHighlightVisitor doesn't match lines with only comments

SONARIAC-1224 Bicep files should belong to AzureResourceManager for SonarCloud AutoScan

New Feature

SONARIAC-1146 Helm preprocessing adds trailing comments with line numbers

SONARIAC-1147 Kubernetes sensor should not ignore file with Helm Directive

SONARIAC-1148 Issue on helm file should be raised at the right location

SONARIAC-1149 Evaluate Helm templates in Go

SONARIAC-1164 Evaluate simple Helm Charts and raise Kubernetes issues

SONARIAC-1182 Build Go binaries as executables and get data from stdout

SONARIAC-1184 Support "default" function in Helm template evaluation

SONARIAC-1186 Support "toYaml" function in Helm template evaluation

Improvement

SONARIAC-1198 Allow users to deactivate Helm analysis

SONARIAC-1223 Improve error handling in Go exceptions

SONARIAC-1230 Align AzureResourceManager property keys and deprecate old key format

1.23.0.7263

29 Nov 12:57

Release notes - SonarIac - 1.23

Bug

SONARIAC-1142 S6329 should report only one issue for the same location

Improvement

SONARIAC-1076 Use Java 17 to build project

SONARIAC-1168 Register JSON and YAML language

1.22.0.7057

26 Oct 07:59
24f70ff

Release notes - SonarIac - 1.22

  • Update rule descriptions to include Learn as You Code changes