7.4.0.27839
quentin-jaquier-sonarsource released this 19 Oct 07:15
Release Notes - SonarJava - Version 7.4
Bug
- [SONARJAVA-4021] - Wrong message in S1128 with unused imports from a sub-package
New Feature
- [SONARJAVA-4029] - Rule S6301: Mobile database encryption keys should not be disclosed
- [SONARJAVA-4030] - Rule S6291: Using unencrypted databases in mobile applications is security-sensitive
- [SONARJAVA-4031] - Rule S6300: Using unencrypted files in mobile applications is security-sensitive
- [SONARJAVA-4034] - Rule S4507: Add WebView debug settings
- [SONARJAVA-4036] - Rule S6362: Enabling JavaScript support for WebViews is security-sensitive
- [SONARJAVA-4037] - Rule S6363: Enabling file access for WebViews is security-sensitive
Task
- [SONARJAVA-4018] - Deprecate S2039 for Java
- [SONARJAVA-4045] - Update rules metadata
Improvement
- [SONARJAVA-3866] - Rule S6293: Using a biometric authentication independent of a cryptographic solution is security-sensitive
- [SONARJAVA-3868] - Rule S6288: Authorizing non-authenticated users to use keys in the Android KeyStore is security-sensitive
- [SONARJAVA-4039] - Rule S5332: support Android WebView insecure mixed content policy
- [SONARJAVA-4046] - Avoid unnecessary TextEdit in quick fixes
- [SONARJAVA-4049] - S2647: remove CWE-311 from "securityStandards" to match the "See" section
False-Positive
- [SONARJAVA-2250] - FP on S2695 when the query is built in multiple statements
- [SONARJAVA-3953] - S2095 should ignore ByteArrayOutputStream from apache.commons
- [SONARJAVA-4014] - S1214 should not report interface with a parent
- [SONARJAVA-4015] - FP in S1641 when the initializer is a ternary expression
- [SONARJAVA-4016] - FP in S6206 when the return type of the getter is not the same as the one from the field
- [SONARJAVA-4025] - FP in S2637 with non-null primitive field not initialized
- [SONARJAVA-4040] - S1612 should not suggest casting through method reference for generic classes
- [SONARJAVA-4041] - S1166 should not ignore whitelist when union type is used in catch
Documentation
- [SONARJAVA-4042] - Document the quick fix metadata
False Negative
- [SONARJAVA-4011] - S2119: Random() not detected when used directly in MemberSelectExpression
- [SONARJAVA-4019] - FN in S2695 when the integer argument is coming from a constant
- [SONARJAVA-4032] - S5322 should raise on Activity or any sub classes of Context
- [SONARJAVA-4033] - S5320 should raise on Activity or any sub classes of Context
- [SONARJAVA-4038] - S5324 should raise on Activity or any sub classes of Context