Releases: SonarSource/sonar-java
7.16.1.31255
Release notes - SonarJava - 7.16.1
Bug
SONARJAVA-4396 The Java analyzer distinguishes between changed and unchanged in files in PR context
7.17.0.31219
Release notes - SonarJava - 7.17
Bug
SONARJAVA-4402 Unit tests fail on any non English language OS
SONARJAVA-4418 S1068 dirty state in UnusedPrivateFieldCheck throws IllegalArgumentException repetitively
False-Positive
SONARJAVA-3995 FP S3400 when method can be overridden
SONARJAVA-4244 S3400 should report on boolean types
SONARJAVA-4254 FP S4684 when @Entity
are not converter from json automatically
SONARJAVA-4327 FP on S3937 when binary numbers
SONARJAVA-4328 FP on S2142 when `InterruptedException` is rethrown
SONARJAVA-4393 FP on S1105 due to Record conversion in JParser
SONARJAVA-4403 S3553 FP on overridden methods
SONARJAVA-4405 FP on S101 when classes extends java.util.ResourceBundle
SONARJAVA-4406 FP on S2142 when the InterruptedException is caught in an inner try-catch
Task
SONARJAVA-4394 Rule S1849: Refactor HasNextCallingNext rule to not use non-static inner class
SONARJAVA-4395 Rule S1114: In ObjectFinalizeOverridenCallsSuperFinalizeCheck lastStatementTree field is not always cleaned
SONARJAVA-4416 Update rules metadata
Improvement
SONARJAVA-3920 Add quick fixes for S5810 (JUnit5SilentlyIgnoreClassAndMethodCheck)
SONARJAVA-3924 Add quick fixes for S2129 (StringPrimitiveConstructorCheck)
SONARJAVA-3938 Add quick fixes for S4719 (StandardCharsetsConstantsCheck)
SONARJAVA-3959 Add quick fixes for S1656 (SelfAssignementCheck)
SONARJAVA-4185 Rules should not report FP when methods have an unknown parameter type
SONARJAVA-4187 S3329 should not report FP when the semantic is incomplete
SONARJAVA-4311 Add quick fixes for S1217 (ThreadRunCheck)
SONARJAVA-4314 Add quick fixes for S1450 (PrivateFieldUsedLocallyCheck)
SONARJAVA-4315 Add quick fixes for S1066 (CollapsibleIfCandidateCheck)
SONARJAVA-4317 Add quick fixes for S2147 (CombineCatchCheck)
SONARJAVA-4319 Add quick fixes for S2116 (ArrayHashCodeAndToStringCheck)
SONARJAVA-4321 Add quick fixes for S2225 (ToStringReturningNullCheck)
SONARJAVA-4350 Improve the suggested quick fix for S1068 when there are some writes to the variable
SONARJAVA-4352 Add quick fixes for S1132 (StringLiteralInsideEqualsCheck)
7.16.0.30901
Release notes - SonarJava - 7.16
Bug
SONARJAVA-4127 UnsupportedOperationException when computing the signature of a MethodSymbol
SONARJAVA-4279 S1612 should not report an issue with incomplete semantics
SONARJAVA-4356 Several regular expressions are inefficient
SONARJAVA-4370 Memory leak in rule S5852 RedosCheck because regexCreations field is never cleaned
SONARJAVA-4371 Memory leak in multiple symbolic execution-based rules
SONARJAVA-4386 Members of RECORD tree are not ordered
SONARJAVA-4390 NPE in ECJ should be catched by JType.isSubtype(...)
SONARJAVA-4391 NPE in LombokFilter
SONARJAVA-4392 NPE in DivisionByZeroCheck
Documentation
SONARJAVA-4345 Update rules metadata
SONARJAVA-4374 S5411: Improve rule message, title, and description
SONARJAVA-4381 S1135: Update metadata to be explicit about main code only scope
False-Positive
SONARJAVA-4098 FP S1612 method reference should not be suggested when replacement is longer that actual code
SONARJAVA-4255 FP S1185(MethodOnlyCallsSuperCheck) with different modifiers
SONARJAVA-4281 Rule S1313: Exclude local IPv4-mapped IPv6 address
SONARJAVA-4292 Rule S1313: Exclude reserved documentation IP ranges
SONARJAVA-4329 FP on rule S1612 when replacing lambda on Integer conversion to String
SONARJAVA-4331 S1213 should not raise issues on static fields placed at the top of records
SONARJAVA-4343 FP on S2699 (Missing assertions in tests) with latest versions of AssertJ (>3.19) and newly added assertions
SONARJAVA-4347 FP in S1144 When annotated parameters are present
SONARJAVA-4353 S131 FP on switch that covers all enum constants
SONARJAVA-4354 S2259 FP on Springframework 5 annotations
SONARJAVA-4363 FP on S2272 when the next/previous() method calls another one which itself throw the NoSuchElementException
SONARJAVA-4365 S5786 should not report issues on classes defining publicly visible constants
SONARJAVA-4372 FP in rule S6204 when Collections.shuffle() is used as a mutator
SONARJAVA-4382 S1191 should not raise issues on imports from `com.sun.*` packages
New Feature
SONARJAVA-4266 Rule S6432: Counter Mode initialization vectors should not be reused
False Negative
SONARJAVA-4250 FN in S2692 when the number is coming from a constant
SONARJAVA-4283 S5838 does not handle primitive type inequality operators correctly
Improvement
SONARJAVA-4265 Improve the rule message of S1120
SONARJAVA-4268 Rule S5542: Detect CBC mode when used with padding
SONARJAVA-4269 S1711 should clean up type names replacing dollar signs with periods
SONARJAVA-4351 Update S5411 documentation with SONARJAVA-3570 exceptions
SONARJAVA-4384 Replace method `symbol()` on `MethodInvocationTree` and `NewClassTree` with `methodSymbol()` in public API
7.15.0.30507
Release notes - SonarJava - Version 7.15
Bug
SONARJAVA-4342 Nullness annotation on interface methods should be inherited in implementation methods
SONARJAVA-4341 IndexOutOfBoundsException when trying to access symbols of declared parameters of Compact constructor
SONARJAVA-4338 S1186: Inconsistent exceptions in documentation and implementation
SONARJAVA-4176 NPE in JSymbol.typeOwner
SONARJAVA-3529 S3958: Incorrect location in case of certain exceptional paths
Documentation
SONARJAVA-4333 Update sonar.java.jdkHome documentation
False Negative
SONARJAVA-4251 FN S2252(ForLoopFalseConditionCheck) does not support constants
False-Positive
SONARJAVA-4344 FP S3878 when the vararg has an array type
SONARJAVA-4336 S2384, 2386 should support methods from Guava returning immutable collections
SONARJAVA-4282 Exclude "com.sun.xml.ws" package from S1191 by default
SONARJAVA-4252 S2384, S2386 should support immutable collection creation from stream
SONARJAVA-4241 S1125: erroneous quick fix suggestion when negating a binary operation
SONARJAVA-4196 S5860 should cover methods start() and end() of 'java.util.regex.Matcher'
SONARJAVA-4072 FP S107 with Spring and micronaut annotations
SONARJAVA-4024 FP in S6019 because of RegexTreeHelper.isAnchoredAtEnd
SONARJAVA-3900 FP S3242(LeastSpecificTypeCheck) for functional interfaces
SONARJAVA-3896 FP S3329 should not raise when the IV is not defined
SONARJAVA-3890 S5996 should not raise an issue if $
is followed by a line break character
SONARJAVA-3668 FP on S1186: method annotated @Pointcut
from AspectJ are often expected to be empty
Improvement
SONARJAVA-4335 S3776 should Ignore equals() and hashCode() methods similarly to S1541
SONARJAVA-4325 Change message suggestion for S3878 when method argument type is not Object
SONARJAVA-4257 Fix typo in S4605 message
New Feature
SONARJAVA-4349 Expose ClasspathForMain.getBinaryDirs() in public API
SONARJAVA-4348 Expose test classpath and binaries in the public API
Task
SONARJAVA-4346 Update rules metadata
SONARJAVA-4264 Remove deprecated common-java:DuplicatedBlocks rule from Sonar Way
7.14.0.30229
Release notes - SonarJava - Version 7.14
False-Positive
SONARJAVA-4330 Rule S2272: FP on method calls that are not next()
SONARJAVA-4242 SE should handle "booleanValue()" from Boolean wrapper
SONARJAVA-4174 S2259 should not raise an issue when a null variable is passed to Optional.ofNullable
SONARJAVA-4131 Add support of org.springframework.util.StringUtils#isEmpty
Improvement
SONARJAVA-4288 Update Analyzer Commons to 1.27: changes in Regex check and resources loading
SONARJAVA-4220 Update ECJ to 3.30.0
SONARJAVA-3891 Add support of org.apache.commons.lang3.ArrayUtils methods
New Feature
SONARJAVA-4284 Rules support PCI DSS Security Standard
SONARJAVA-4278 Rule S2068: Remove method checks
SONARJAVA-4275 Rule S6437: Credentials should not be hard-coded
Task
SONARJAVA-4332 Update rules metadata
7.13.0.29990
Release Notes - SonarJava - Version 7.13
New Feature
- [SONARJAVA-4133] - Rule S6241 Region should be set explicitly when creating a new AwsClient
- [SONARJAVA-4134] - Rule S6242 Credentials Provider should be set explicitly when creating a new "AwsClient"
- [SONARJAVA-4135] - Rule S6243 Reusable resources should be initialized at construction time of Lambda functions
- [SONARJAVA-4136] - Rule S6244 Consumer Builders should be used
- [SONARJAVA-4137] - Rule S6246 Lambdas should not invoke other lambdas synchronously
- [SONARJAVA-4138] - Rule S6262 AWS region should not be set with a hardcoded String
- [SONARJAVA-4139] - Rule S6263 Using Long-term access keys are security-sensitive
Task
- [SONARJAVA-4270] - Add performance timers on the cache-aware analysis paths
- [SONARJAVA-4280] - Update rules metadata
Improvement
- [SONARJAVA-4271] - Do not attempt to scan without parsing in a context where files cannot be skipped
- [SONARJAVA-4276] - Message of S4968 should end with a full stop
7.12.1.29810
Release Notes - SonarJava - Version 7.12.1
Bug
- [SONARJAVA-4267] - The Java analyzer crashes when running incremental analysis on generated files
False-Positive
- [SONARJAVA-4243] - FP in S6205 when the content of the block is not an expression
7.12.0.29739
Release Notes - SonarJava - Version 7.12
Bug
- [SONARJAVA-4231] - NPE in JType.normalize
New Feature
- [SONARJAVA-2940] - Rule S4968: The upper bound of wildcard parameterized types should not be "final"
- [SONARJAVA-4149] - Rule S6326: Regular expressions should not contain multiple spaces
- [SONARJAVA-4150] - Rule S6396: Superfluous curly brace quantifiers should be avoided
- [SONARJAVA-4151] - Rule S6353: Regular expression quantifiers and character classes should be used concisely
- [SONARJAVA-4152] - Rule S6397: Character classes in regular expressions should not contain only one character
- [SONARJAVA-4154] - Rule S6331: Regular expressions should not contain empty groups
- [SONARJAVA-4170] - Rule S6395: Non-capturing groups without quantifier should not be used
- [SONARJAVA-4173] - Rule S6411 Types used as keys in Maps should implement Comparable
- [SONARJAVA-4209] - Introduce caching capabilities for Java rules
- [SONARJAVA-4222] - Rule S6418: Hard-coded secrets are security-sensitive
- [SONARJAVA-4223] - S5693: Remove requirement to re-parse files on each PR analysis
- [SONARJAVA-4224] - S4605: Remove requirement to re-parse files on each PR analysis
- [SONARJAVA-4225] - S1228: Remove requirement to re-parse files on each PR analysis
- [SONARJAVA-4226] - S4032: Remove requirement to re-parse files on each PR analysis
Task
- [SONARJAVA-4214] - Compiler flag "enablePreviewFeatures" should be enable for java version >= maximum supported version
- [SONARJAVA-4218] - Stop ignoring S2789 unit test related to javax.annotation.meta.When.NEVER
- [SONARJAVA-4236] - Rely on released version of Analyzer Commons
- [SONARJAVA-4245] - Extract ModuleScannerContext out InputFileScannerContext
- [SONARJAVA-4246] - Expose the EndOfAnalysis interface as part of the plugin API
- [SONARJAVA-4248] - Inroduce the notion of a module key that can be utilized by checks
- [SONARJAVA-4249] - Rely on Analyzer Commons for regex helper classes
- [SONARJAVA-4253] - Update rules metadata
Improvement
- [SONARJAVA-3838] - Add support for TimeUnit.sleep() in S2925
- [SONARJAVA-4153] - Refactor S5842 using sonar-analyzer-commons
- [SONARJAVA-4155] - Refactor S5843 using sonar-analyzer-commons
- [SONARJAVA-4156] - Refactor S5850 using sonar-analyzer-commons
- [SONARJAVA-4157] - Refactor S5855 using sonar-analyzer-commons
- [SONARJAVA-4158] - Refactor S5857 using sonar-analyzer-commons
- [SONARJAVA-4159] - Refactor S5867 using sonar-analyzer-commons
- [SONARJAVA-4160] - Refactor S5868 using sonar-analyzer-commons
- [SONARJAVA-4161] - Refactor S5869 using sonar-analyzer-commons
- [SONARJAVA-4162] - Refactor S5994 using sonar-analyzer-commons
- [SONARJAVA-4163] - Refactor S5996 using sonar-analyzer-commons
- [SONARJAVA-4164] - Refactor S6001 using sonar-analyzer-commons
- [SONARJAVA-4165] - Refactor S6002 using sonar-analyzer-commons
- [SONARJAVA-4166] - Refactor S6019 using sonar-analyzer-commons
- [SONARJAVA-4167] - Refactor S6035 using sonar-analyzer-commons
- [SONARJAVA-4188] - S4423 should not report an issue when the version is not set
- [SONARJAVA-4215] - S1943 (default system encoding) should not report an issue for Java >= 18
- [SONARJAVA-4217] - Merge S1158 and S2131
- [SONARJAVA-4228] - S6377: update the issue message
- [SONARJAVA-4230] - Allow client-side disabling of caching
- [SONARJAVA-4234] - Allow caching to be disabled (or enabled) by an overriding analyzer flag
- [SONARJAVA-4235] - Improve SonarJava caching API
- [SONARJAVA-4240] - S5693 stores a single cache entry per file
False-Positive
- [SONARJAVA-4172] - S6206 should not report on non-final classes
- [SONARJAVA-4204] - FP on S1221 when a method is overridden
- [SONARJAVA-4219] - S1121 should not report an issue for assignment in Java 14 switch
- [SONARJAVA-4221] - S6073 should support MockitoHamcrest adapter
- [SONARJAVA-4227] - FP in S2068 and S6418: Secrets and Password should be correctly isolated in string literals
- [SONARJAVA-4229] - FP S6418: Use frequency of character pairs to distinguish randomness
- [SONARJAVA-4232] - S3398 : FP when reaching outer method from another instance
False Negative
- [SONARJAVA-4206] - FN on S3012 in case of do-while loop
7.11.0.29148
Release Notes - SonarJava - Version 7.11
Task
- [SONARJAVA-4216] - Enable preview features flag for Java 18
7.10.0.29108
Release Notes - SonarJava - Version 7.10
Bug
- [SONARJAVA-3693] - Allow to exclude generated "*_jsp.java" files from analysis
- [SONARJAVA-4194] - Rule S1155 crash with stackoverflow when encountering large numbers of chained BinaryExpressionTrees
- [SONARJAVA-4207] - JAR files passed to sonar.java.libraries should be unlocked when not needed anymore in Batch mode
New Feature
- [SONARJAVA-4183] - Incremental PR analysis: Skip rules that don't need to be run on unchanged files
- [SONARJAVA-4199] - Enable batch mode by default
Task
- [SONARJAVA-4197] - Fallback to file by file mode when a batch fails to parse
- [SONARJAVA-4200] - Document incremental analysis
- [SONARJAVA-4202] - Rules Sanity Test should include test files of compiler test sources
- [SONARJAVA-4210] - Update rules metadata
Improvement
- [SONARJAVA-4179] - Logging of undefined types and missing libraries should be relevant in batch mode
- [SONARJAVA-4198] - JSP files should be correctly analyzed in batch mode
False-Positive
- [SONARJAVA-4094] - S1105: FP when using java 16 records and java 17 sealed classes' permitted types
- [SONARJAVA-4193] - FP on S3329 in case of simple assigments of the IV