Skip to content

Releases: SonarSource/sonar-java

7.16.1.31255

06 Mar 13:51
e985f2c
Compare
Choose a tag to compare

Release notes - SonarJava - 7.16.1

Bug

SONARJAVA-4396 The Java analyzer distinguishes between changed and unchanged in files in PR context

7.17.0.31219

21 Feb 10:18
Compare
Choose a tag to compare

Release notes - SonarJava - 7.17

Bug

SONARJAVA-4402 Unit tests fail on any non English language OS

SONARJAVA-4418 S1068 dirty state in UnusedPrivateFieldCheck throws IllegalArgumentException repetitively

False-Positive

SONARJAVA-3995 FP S3400 when method can be overridden

SONARJAVA-4244 S3400 should report on boolean types

SONARJAVA-4254 FP S4684 when @Entity are not converter from json automatically

SONARJAVA-4327 FP on S3937 when binary numbers

SONARJAVA-4328 FP on S2142 when `InterruptedException` is rethrown

SONARJAVA-4393 FP on S1105 due to Record conversion in JParser

SONARJAVA-4403 S3553 FP on overridden methods

SONARJAVA-4405 FP on S101 when classes extends java.util.ResourceBundle

SONARJAVA-4406 FP on S2142 when the InterruptedException is caught in an inner try-catch

Task

SONARJAVA-4394 Rule S1849: Refactor HasNextCallingNext rule to not use non-static inner class

SONARJAVA-4395 Rule S1114: In ObjectFinalizeOverridenCallsSuperFinalizeCheck lastStatementTree field is not always cleaned

SONARJAVA-4416 Update rules metadata

Improvement

SONARJAVA-3920 Add quick fixes for S5810 (JUnit5SilentlyIgnoreClassAndMethodCheck)

SONARJAVA-3924 Add quick fixes for S2129 (StringPrimitiveConstructorCheck)

SONARJAVA-3938 Add quick fixes for S4719 (StandardCharsetsConstantsCheck)

SONARJAVA-3959 Add quick fixes for S1656 (SelfAssignementCheck)

SONARJAVA-4185 Rules should not report FP when methods have an unknown parameter type

SONARJAVA-4187 S3329 should not report FP when the semantic is incomplete

SONARJAVA-4311 Add quick fixes for S1217 (ThreadRunCheck)

SONARJAVA-4314 Add quick fixes for S1450 (PrivateFieldUsedLocallyCheck)

SONARJAVA-4315 Add quick fixes for S1066 (CollapsibleIfCandidateCheck)

SONARJAVA-4317 Add quick fixes for S2147 (CombineCatchCheck)

SONARJAVA-4319 Add quick fixes for S2116 (ArrayHashCodeAndToStringCheck)

SONARJAVA-4321 Add quick fixes for S2225 (ToStringReturningNullCheck)

SONARJAVA-4350 Improve the suggested quick fix for S1068 when there are some writes to the variable

SONARJAVA-4352 Add quick fixes for S1132 (StringLiteralInsideEqualsCheck)

7.16.0.30901

11 Jan 15:57
4b14365
Compare
Choose a tag to compare

Release notes - SonarJava - 7.16

Bug

SONARJAVA-4127 UnsupportedOperationException when computing the signature of a MethodSymbol

SONARJAVA-4279 S1612 should not report an issue with incomplete semantics

SONARJAVA-4356 Several regular expressions are inefficient

SONARJAVA-4370 Memory leak in rule S5852 RedosCheck because regexCreations field is never cleaned

SONARJAVA-4371 Memory leak in multiple symbolic execution-based rules

SONARJAVA-4386 Members of RECORD tree are not ordered

SONARJAVA-4390 NPE in ECJ should be catched by JType.isSubtype(...)

SONARJAVA-4391 NPE in LombokFilter

SONARJAVA-4392 NPE in DivisionByZeroCheck

Documentation

SONARJAVA-4345 Update rules metadata

SONARJAVA-4374 S5411: Improve rule message, title, and description

SONARJAVA-4381 S1135: Update metadata to be explicit about main code only scope

False-Positive

SONARJAVA-4098 FP S1612 method reference should not be suggested when replacement is longer that actual code

SONARJAVA-4255 FP S1185(MethodOnlyCallsSuperCheck) with different modifiers

SONARJAVA-4281 Rule S1313: Exclude local IPv4-mapped IPv6 address

SONARJAVA-4292 Rule S1313: Exclude reserved documentation IP ranges

SONARJAVA-4329 FP on rule S1612 when replacing lambda on Integer conversion to String

SONARJAVA-4331 S1213 should not raise issues on static fields placed at the top of records

SONARJAVA-4343 FP on S2699 (Missing assertions in tests) with latest versions of AssertJ (>3.19) and newly added assertions

SONARJAVA-4347 FP in S1144 When annotated parameters are present

SONARJAVA-4353 S131 FP on switch that covers all enum constants

SONARJAVA-4354 S2259 FP on Springframework 5 annotations

SONARJAVA-4363 FP on S2272 when the next/previous() method calls another one which itself throw the NoSuchElementException

SONARJAVA-4365 S5786 should not report issues on classes defining publicly visible constants

SONARJAVA-4372 FP in rule S6204 when Collections.shuffle() is used as a mutator

SONARJAVA-4382 S1191 should not raise issues on imports from `com.sun.*` packages

New Feature

SONARJAVA-4266 Rule S6432: Counter Mode initialization vectors should not be reused

False Negative

SONARJAVA-4250 FN in S2692 when the number is coming from a constant

SONARJAVA-4283 S5838 does not handle primitive type inequality operators correctly

Improvement

SONARJAVA-4265 Improve the rule message of S1120

SONARJAVA-4268 Rule S5542: Detect CBC mode when used with padding

SONARJAVA-4269 S1711 should clean up type names replacing dollar signs with periods

SONARJAVA-4351 Update S5411 documentation with SONARJAVA-3570 exceptions

SONARJAVA-4384 Replace method `symbol()` on `MethodInvocationTree` and `NewClassTree` with `methodSymbol()` in public API

7.15.0.30507

01 Nov 16:05
38560b8
Compare
Choose a tag to compare

Release notes - SonarJava - Version 7.15

Bug

SONARJAVA-4342 Nullness annotation on interface methods should be inherited in implementation methods

SONARJAVA-4341 IndexOutOfBoundsException when trying to access symbols of declared parameters of Compact constructor

SONARJAVA-4338 S1186: Inconsistent exceptions in documentation and implementation

SONARJAVA-4176 NPE in JSymbol.typeOwner

SONARJAVA-3529 S3958: Incorrect location in case of certain exceptional paths

Documentation

SONARJAVA-4333 Update sonar.java.jdkHome documentation

False Negative

SONARJAVA-4251 FN S2252(ForLoopFalseConditionCheck) does not support constants

False-Positive

SONARJAVA-4344 FP S3878 when the vararg has an array type

SONARJAVA-4336 S2384, 2386 should support methods from Guava returning immutable collections

SONARJAVA-4282 Exclude "com.sun.xml.ws" package from S1191 by default

SONARJAVA-4252 S2384, S2386 should support immutable collection creation from stream

SONARJAVA-4241 S1125: erroneous quick fix suggestion when negating a binary operation

SONARJAVA-4196 S5860 should cover methods start() and end() of 'java.util.regex.Matcher'

SONARJAVA-4072 FP S107 with Spring and micronaut annotations

SONARJAVA-4024 FP in S6019 because of RegexTreeHelper.isAnchoredAtEnd

SONARJAVA-3900 FP S3242(LeastSpecificTypeCheck) for functional interfaces

SONARJAVA-3896 FP S3329 should not raise when the IV is not defined

SONARJAVA-3890 S5996 should not raise an issue if $ is followed by a line break character

SONARJAVA-3668 FP on S1186: method annotated @Pointcut from AspectJ are often expected to be empty

Improvement

SONARJAVA-4335 S3776 should Ignore equals() and hashCode() methods similarly to S1541

SONARJAVA-4325 Change message suggestion for S3878 when method argument type is not Object

SONARJAVA-4257 Fix typo in S4605 message

New Feature

SONARJAVA-4349 Expose ClasspathForMain.getBinaryDirs() in public API

SONARJAVA-4348 Expose test classpath and binaries in the public API

Task

SONARJAVA-4346 Update rules metadata

SONARJAVA-4264 Remove deprecated common-java:DuplicatedBlocks rule from Sonar Way

7.14.0.30229

30 Sep 18:09
9079835
Compare
Choose a tag to compare

Release notes - SonarJava - Version 7.14

False-Positive

SONARJAVA-4330 Rule S2272: FP on method calls that are not next()

SONARJAVA-4242 SE should handle "booleanValue()" from Boolean wrapper

SONARJAVA-4174 S2259 should not raise an issue when a null variable is passed to Optional.ofNullable

SONARJAVA-4131 Add support of org.springframework.util.StringUtils#isEmpty

Improvement

SONARJAVA-4288 Update Analyzer Commons to 1.27: changes in Regex check and resources loading

SONARJAVA-4220 Update ECJ to 3.30.0

SONARJAVA-3891 Add support of org.apache.commons.lang3.ArrayUtils methods

New Feature

SONARJAVA-4284 Rules support PCI DSS Security Standard

SONARJAVA-4278 Rule S2068: Remove method checks

SONARJAVA-4275 Rule S6437: Credentials should not be hard-coded

Task

SONARJAVA-4332 Update rules metadata

7.13.0.29990

04 Jul 14:15
ed42c63
Compare
Choose a tag to compare
    Release Notes - SonarJava - Version 7.13

New Feature

  • [SONARJAVA-4133] - Rule S6241 Region should be set explicitly when creating a new AwsClient
  • [SONARJAVA-4134] - Rule S6242 Credentials Provider should be set explicitly when creating a new "AwsClient"
  • [SONARJAVA-4135] - Rule S6243 Reusable resources should be initialized at construction time of Lambda functions
  • [SONARJAVA-4136] - Rule S6244 Consumer Builders should be used
  • [SONARJAVA-4137] - Rule S6246 Lambdas should not invoke other lambdas synchronously
  • [SONARJAVA-4138] - Rule S6262 AWS region should not be set with a hardcoded String
  • [SONARJAVA-4139] - Rule S6263 Using Long-term access keys are security-sensitive

Task

Improvement

  • [SONARJAVA-4271] - Do not attempt to scan without parsing in a context where files cannot be skipped
  • [SONARJAVA-4276] - Message of S4968 should end with a full stop

7.12.1.29810

16 Jun 11:22
f02a272
Compare
Choose a tag to compare
    Release Notes - SonarJava - Version 7.12.1

Bug

  • [SONARJAVA-4267] - The Java analyzer crashes when running incremental analysis on generated files

False-Positive

  • [SONARJAVA-4243] - FP in S6205 when the content of the block is not an expression

7.12.0.29739

16 May 12:55
Compare
Choose a tag to compare
    Release Notes - SonarJava - Version 7.12

Bug

New Feature

  • [SONARJAVA-2940] - Rule S4968: The upper bound of wildcard parameterized types should not be "final"
  • [SONARJAVA-4149] - Rule S6326: Regular expressions should not contain multiple spaces
  • [SONARJAVA-4150] - Rule S6396: Superfluous curly brace quantifiers should be avoided
  • [SONARJAVA-4151] - Rule S6353: Regular expression quantifiers and character classes should be used concisely
  • [SONARJAVA-4152] - Rule S6397: Character classes in regular expressions should not contain only one character
  • [SONARJAVA-4154] - Rule S6331: Regular expressions should not contain empty groups
  • [SONARJAVA-4170] - Rule S6395: Non-capturing groups without quantifier should not be used
  • [SONARJAVA-4173] - Rule S6411 Types used as keys in Maps should implement Comparable
  • [SONARJAVA-4209] - Introduce caching capabilities for Java rules
  • [SONARJAVA-4222] - Rule S6418: Hard-coded secrets are security-sensitive
  • [SONARJAVA-4223] - S5693: Remove requirement to re-parse files on each PR analysis
  • [SONARJAVA-4224] - S4605: Remove requirement to re-parse files on each PR analysis
  • [SONARJAVA-4225] - S1228: Remove requirement to re-parse files on each PR analysis
  • [SONARJAVA-4226] - S4032: Remove requirement to re-parse files on each PR analysis

Task

  • [SONARJAVA-4214] - Compiler flag "enablePreviewFeatures" should be enable for java version >= maximum supported version
  • [SONARJAVA-4218] - Stop ignoring S2789 unit test related to javax.annotation.meta.When.NEVER
  • [SONARJAVA-4236] - Rely on released version of Analyzer Commons
  • [SONARJAVA-4245] - Extract ModuleScannerContext out InputFileScannerContext
  • [SONARJAVA-4246] - Expose the EndOfAnalysis interface as part of the plugin API
  • [SONARJAVA-4248] - Inroduce the notion of a module key that can be utilized by checks
  • [SONARJAVA-4249] - Rely on Analyzer Commons for regex helper classes
  • [SONARJAVA-4253] - Update rules metadata

Improvement

False-Positive

  • [SONARJAVA-4172] - S6206 should not report on non-final classes
  • [SONARJAVA-4204] - FP on S1221 when a method is overridden
  • [SONARJAVA-4219] - S1121 should not report an issue for assignment in Java 14 switch
  • [SONARJAVA-4221] - S6073 should support MockitoHamcrest adapter
  • [SONARJAVA-4227] - FP in S2068 and S6418: Secrets and Password should be correctly isolated in string literals
  • [SONARJAVA-4229] - FP S6418: Use frequency of character pairs to distinguish randomness
  • [SONARJAVA-4232] - S3398 : FP when reaching outer method from another instance

False Negative

7.11.0.29148

30 Mar 07:12
e0695da
Compare
Choose a tag to compare
    Release Notes - SonarJava - Version 7.11

Task

7.10.0.29108

25 Mar 13:06
Compare
Choose a tag to compare
    Release Notes - SonarJava - Version 7.10

Bug

  • [SONARJAVA-3693] - Allow to exclude generated "*_jsp.java" files from analysis
  • [SONARJAVA-4194] - Rule S1155 crash with stackoverflow when encountering large numbers of chained BinaryExpressionTrees
  • [SONARJAVA-4207] - JAR files passed to sonar.java.libraries should be unlocked when not needed anymore in Batch mode

New Feature

  • [SONARJAVA-4183] - Incremental PR analysis: Skip rules that don't need to be run on unchanged files
  • [SONARJAVA-4199] - Enable batch mode by default

Task

Improvement

  • [SONARJAVA-4179] - Logging of undefined types and missing libraries should be relevant in batch mode
  • [SONARJAVA-4198] - JSP files should be correctly analyzed in batch mode

False-Positive

  • [SONARJAVA-4094] - S1105: FP when using java 16 records and java 17 sealed classes' permitted types
  • [SONARJAVA-4193] - FP on S3329 in case of simple assigments of the IV