September 2021 Summaries
4 posts from Sonar
Filter
Month:
Year:
Post Summaries
Back to Blog
SonarLint is a free in-IDE static analysis plugin that was launched this year to support C and C++ projects in CLion, addressing quality and security issues. The tool has continued to add value to its users by bringing even greater capabilities to the table. SonarLint's C++ analyzer demonstrates powerful capabilities with unique and interesting rules that can elevate CLion's built-in static analysis capabilities. These rules include checks for const correctness, transparent comparators, modernizing rules such as avoiding default capture modes and using initializer variables to reduce scope, and security-related issues like detecting sensitive data removal with `memset_s` and weak encryption algorithms. SonarLint enhances CLion by adding a rich set of rules and insightful rule descriptions, making static analysis more accessible and useful for developers. The tool seamlessly integrates with CLion's inspections and clang-tidy checks, providing a natural next step in improving code quality.
Sep 28, 2021
1,528 words in the original blog post.
SonarLint is a free and open source IDE plugin that intelligently detects and helps you fix coding flaws as you write code, supporting multiple IDEs and programming languages. ` The new quick-fix feature in SonarLint boosts coding efficiency by providing automated fixes adapted to your code, saving time and effort by crafting specific solutions for issues. ` By hovering over highlighted problems or using configured shortcuts, users can understand the issue, review suggestions, and instantly apply the quick fix. ` This feature helps developers address coding issues more efficiently, providing contextual guidance and examples to educate and inform. ` The tool also offers a clear explanation of potential problems and how to fix them, enhancing the overall coding experience.
Sep 23, 2021
347 words in the original blog post.
The security vulnerabilities discovered in Cachet 2.4 allow attackers to exploit three different methods to gain unauthorized access to the instance, including remote code execution, configuration leaks, and forced re-installation of existing instances. The vulnerabilities are related to the Laravel framework's configuration file handling and lack of validation on incoming data. The discovery of these vulnerabilities highlights the importance of regular security audits and testing for SaaS companies, especially those using PHP-based frameworks like Laravel. The patches applied by the maintainers of the FiveAI fork of Cachet have addressed these issues, improving the overall security posture of the platform.
Sep 21, 2021
1,643 words in the original blog post.
SonarQube, SonarCloud, and SonarLint are open-source products that have recently opened up product portals on Productboard to showcase their current features, recent releases, and planned features. The portals also include an "Under Consideration" tab where users can provide input on unconfirmed or uncertain feature ideas, with voting options of Nice-to-have, Important, and Critical. By engaging with the community through these portals, Sonar developers aim to gather feedback and shape their product roadmap.
Sep 14, 2021
201 words in the original blog post.