Skip to content

7.4.0.27839

Compare
Choose a tag to compare
@quentin-jaquier-sonarsource quentin-jaquier-sonarsource released this 19 Oct 07:15
· 1144 commits to master since this release
3b1a383
    Release Notes - SonarJava - Version 7.4

Bug

  • [SONARJAVA-4021] - Wrong message in S1128 with unused imports from a sub-package

New Feature

  • [SONARJAVA-4029] - Rule S6301: Mobile database encryption keys should not be disclosed
  • [SONARJAVA-4030] - Rule S6291: Using unencrypted databases in mobile applications is security-sensitive
  • [SONARJAVA-4031] - Rule S6300: Using unencrypted files in mobile applications is security-sensitive
  • [SONARJAVA-4034] - Rule S4507: Add WebView debug settings
  • [SONARJAVA-4036] - Rule S6362: Enabling JavaScript support for WebViews is security-sensitive
  • [SONARJAVA-4037] - Rule S6363: Enabling file access for WebViews is security-sensitive

Task

Improvement

  • [SONARJAVA-3866] - Rule S6293: Using a biometric authentication independent of a cryptographic solution is security-sensitive
  • [SONARJAVA-3868] - Rule S6288: Authorizing non-authenticated users to use keys in the Android KeyStore is security-sensitive
  • [SONARJAVA-4039] - Rule S5332: support Android WebView insecure mixed content policy
  • [SONARJAVA-4046] - Avoid unnecessary TextEdit in quick fixes
  • [SONARJAVA-4049] - S2647: remove CWE-311 from "securityStandards" to match the "See" section

False-Positive

  • [SONARJAVA-2250] - FP on S2695 when the query is built in multiple statements
  • [SONARJAVA-3953] - S2095 should ignore ByteArrayOutputStream from apache.commons
  • [SONARJAVA-4014] - S1214 should not report interface with a parent
  • [SONARJAVA-4015] - FP in S1641 when the initializer is a ternary expression
  • [SONARJAVA-4016] - FP in S6206 when the return type of the getter is not the same as the one from the field
  • [SONARJAVA-4025] - FP in S2637 with non-null primitive field not initialized
  • [SONARJAVA-4040] - S1612 should not suggest casting though method reference for generic classes
  • [SONARJAVA-4041] - S1166 should not ignore whitelist when union type is used in catch

Documentation

False Negative

  • [SONARJAVA-4011] - S2119: Random() not detected when used directly in MemberSelectExpression
  • [SONARJAVA-4019] - FN in S2695 when the integer argument is coming from a constant
  • [SONARJAVA-4032] - S5322 should raise on Activity or any sub classes of Context
  • [SONARJAVA-4033] - S5320 should raise on Activity or any sub classes of Context
  • [SONARJAVA-4038] - S5324 should raise on Activity or any sub classes of Context