Skip to content

Releases: SonarSource/sonar-java

7.0.0.26422

08 Jun 13:12
Compare
Choose a tag to compare
    Release Notes - SonarJava - Version 7.0.0.26422

Bug

Task

Improvement

  • [SONARJAVA-3777] - Improve S1128 (Unused imports) rule precision by relying on compiler warnings
  • [SONARJAVA-3791] - Use jdk 16 for our builds
  • [SONARJAVA-3794] - Improve S1905 (Redundant cast) rule precision by relying on compiler warnings
  • [SONARJAVA-3806] - Improve S1656 (Self Assignment) rule precision by relying on compiler warnings
  • [SONARJAVA-3807] - Improve S4970 (Unreachable Catch) rule precision by relying on compiler warnings
  • [SONARJAVA-3840] - Regex rules should support concatenating pattern objects
  • [SONARJAVA-3858] - S5838 should support "length()"/"size()" followed by "isPositive()" simplification
  • [SONARJAVA-3859] - Update description for 'sonar.java.file.suffixes'
  • [SONARJAVA-3860] - Map ECJ Warnings to syntax trees
  • [SONARJAVA-3862] - Rework "MethodTree.isOverriding()" to match the contract in case of unknowns in hierarchy

False-Positive

  • [SONARJAVA-3822] - S6073 should not report on method invocation arguments that actually return an argument matcher
  • [SONARJAVA-3836] - S5786 should not raise issue on a class visibility if it contains public static method(s)
  • [SONARJAVA-3844] - Rules targeting tests should work with incomplete semantic
  • [SONARJAVA-3845] - Rules targeting unused elements should work with incomplete semantic
  • [SONARJAVA-3846] - Rules targeting returns should work with incomplete semantic
  • [SONARJAVA-3847] - Rules targeting parameters should work with incomplete semantic
  • [SONARJAVA-3848] - Rules targeting types should work with incomplete semantic
  • [SONARJAVA-3849] - Rules targeting control flow should work with incomplete semantic
  • [SONARJAVA-3850] - Rules targeting class members should work with incomplete semantic
  • [SONARJAVA-3851] - Rules targeting methods calls should work with incomplete semantic
  • [SONARJAVA-3852] - Rules targeting methods should work with incomplete semantic
  • [SONARJAVA-3857] - FP S131 for a switch on an unknown symbol

False Negative

  • [SONARJAVA-3841] - FN in S5998 (regex stackoverflow) for possessive quantifiers

6.15.1.26025

29 Apr 14:38
Compare
Choose a tag to compare
    Release Notes - SonarJava - Version 6.15.1.26025

Bug

  • [SONARJAVA-3808] - NPE in JMethodSymbol.overriddenSymbol
  • [SONARJAVA-3812] - Analysis should stop without logging when a CancellationException is thrown

Task

  • [SONARJAVA-3815] - Update rules metadata
  • [SONARJAVA-3817] - Remove rules resulting in failing tests from default quality profile
  • [SONARJAVA-3821] - Do not ship "sonar-plugin-api" implementation class with the analyzer components

Improvement

False-Positive

  • [SONARJAVA-3797] - FP in S1854 for effective-final assignment of variables used in a lambda
  • [SONARJAVA-3798] - FP in S1258 and S3749 when using Lombok "@DaTa" annotation
  • [SONARJAVA-3804] - FP in S3077 when volatile is used with @immutable and @threadsafe annotations
  • [SONARJAVA-3809] - S5979 should not report on objects initialized with `MockitoJUnit.rule()` followed by options
  • [SONARJAVA-3811] - Rule S5542 should not be triggered when using CBC mode
  • [SONARJAVA-3814] - S6212 should not suggest to use "var" when the initializer is a lambda or a method reference

False Negative

6.15.0.25849

15 Apr 07:49
Compare
Choose a tag to compare
    Release Notes - SonarJava - Version  6.15.0.25849

Bug

  • [SONARJAVA-3786] - Delete rule RSPEC-4603
  • [SONARJAVA-3788] - Fix IndexOutOfBoundsException in S1166 (CatchUsesExceptionWithContextCheck:307)
  • [SONARJAVA-3789] - Fix ClassCastException in S6202 (IsInstanceMethodCheck:70)
  • [SONARJAVA-3790] - Fix ClassCastException in S5411 (BoxedBooleanExpressionsCheck:158)
  • [SONARJAVA-3792] - Compilation of custom rule project fails due to missing metadata files

New Feature

  • [SONARJAVA-3716] - Provide a user property to produce performance metrics
  • [SONARJAVA-3741] - Rule S6202: Operator "instanceof" should be used instead of "A.class.isInstance()"
  • [SONARJAVA-3743] - Rule S6203: Text blocks should not be used in complex expression
  • [SONARJAVA-3749] - Rule S6205: Switch arrow labels should not use redundant keywords
  • [SONARJAVA-3753] - Rule S6208: Comma-separated labels should be used in Switch with colon case
  • [SONARJAVA-3759] - Rule S6212: Local-Variable Type Inference (var) should be used
  • [SONARJAVA-3761] - Rule S6213: Restricted Identifiers should not be used as Identifiers

Task

  • [SONARJAVA-3714] - Collect SquidSensor runtime data
  • [SONARJAVA-3717] - Increase reliability of cirrus-ci nightly analyses by restarting some failed jobs
  • [SONARJAVA-3720] - Push internal CI performance metrics to repository
  • [SONARJAVA-3721] - Enable performance measurement for ruling
  • [SONARJAVA-3722] - Compute measurement cost in performance metrics
  • [SONARJAVA-3726] - Update tutorial with SQ 8.8 and latest embedded release of SonarJava
  • [SONARJAVA-3728] - Update rules metadata
  • [SONARJAVA-3793] - Drop usage of deprecated internal method "hasSemantic()" in our rules

Improvement

  • [SONARJAVA-3666] - Add text block support for regex rules
  • [SONARJAVA-3715] - Add size of file to slowest files analyzed output
  • [SONARJAVA-3732] - Execute the move of the regex parser into analyzer-commons
  • [SONARJAVA-3736] - Support Text Block in rules relying on String literals from expressions
  • [SONARJAVA-3737] - Improve rules relying on String literals to support identifier from a final or effectively final variable.
  • [SONARJAVA-3744] - Extend existing rules to support Switch Expression
  • [SONARJAVA-3751] - Extend S4738 to suggest Java 9 "List.of", "Map.of", "Set.of" instead of Guava
  • [SONARJAVA-3762] - S5838 should support Java 11 "String.isBlank()"
  • [SONARJAVA-3766] - Improve rule description for ReDoS
  • [SONARJAVA-3778] - Fix performance hotspots in S103 due to slow regex
  • [SONARJAVA-3781] - All method overrides should be returned instead of only the first one
  • [SONARJAVA-3787] - Children of Switch Statement should not be a Switch Expression
  • [SONARJAVA-3796] - Fix possible Catastrophic backtracking in regex for S3518: Division by zero rule

False-Positive

  • [SONARJAVA-3731] - S5786 should not report on abstract classes or overridding test methods
  • [SONARJAVA-3734] - FP in S5979 when "ExtendWith" annotation is coming from a meta-annotation
  • [SONARJAVA-3750] - S1199 should not report an issue for any Switch case containing a block
  • [SONARJAVA-3772] - FP in S1943: Do not report an issue on any usage of Java 11 FileWriter and FileReader
  • [SONARJAVA-3774] - S2755 should not raise when a non null resolver is set with XMLInputFactory.setXMLResolver
  • [SONARJAVA-3776] - Fix FPs in S4276 when the generic argument left is a primitive wrapper

False Negative

  • [SONARJAVA-3757] - "Nullable" from eclipse should be considered as a Strong Nullable.

6.14.0.25463

19 Mar 16:12
b79132d
Compare
Choose a tag to compare
    Release Notes - SonarJava - Version  6.14.0.25463

Task

Improvement

  • [SONARJAVA-3215] - S1166 add heuristics to support custom log frameworks
  • [SONARJAVA-3558] - Issue filter should extends its filter to IDE-specific suppressed warnings
  • [SONARJAVA-3568] - S5852 should use automata to increase its accuracy
  • [SONARJAVA-3624] - Regex FP/FN with Supplementary Multilingual Plane
  • [SONARJAVA-3629] - Improve S6002 RegexLookaheadCheck to support negative lookahead
  • [SONARJAVA-3636] - Improve secondary message for regex rules when issues are reported across different string literals
  • [SONARJAVA-3689] - Improve rule S110 to not report when hierarchy is too big already in library code
  • [SONARJAVA-3701] - Prepare the move of the regex parser into its own project
  • [SONARJAVA-3729] - Change S4434 to a security-hotspot
  • [SONARJAVA-3730] - Add an exception to rule S121 for early returns
  • [SONARJAVA-3733] - ReDoS: Don't call cubic and worse runtimes quadratic
  • [SONARJAVA-3735] - Upgrade ECJ to 3.25.0

False-Positive

  • [SONARJAVA-3570] - Relax Rule S5411 for boxed booleans if there is a null-checked before
  • [SONARJAVA-3603] - FP on S4276 when Function is using "compose" or "andThen" methods
  • [SONARJAVA-3625] - Possible FP in S5998 when using backreferences to large groups
  • [SONARJAVA-3631] - FP in S6001 parsing of multi-digit backreferences
  • [SONARJAVA-3635] - S2384 should not raise an issue when mutable members in temporary variable are not stored
  • [SONARJAVA-3669] - S2325 should not raise on empty methods
  • [SONARJAVA-3696] - S2755 should not raise when a xml document is build
  • [SONARJAVA-3706] - FP in S2384, S2386: support any unmodifiable and immutable methods
  • [SONARJAVA-3713] - FP in S5852 (ReDoS) involving possessive quantifiers
  • [SONARJAVA-3747] - FPs in S5852 when repetition overlaps with non-repetition part

False Negative

  • [SONARJAVA-2745] - FN on S2142: no issue raised when catching the generic Exception
  • [SONARJAVA-3639] - FN in S5994 when `*+` is followed by a repetition
  • [SONARJAVA-3640] - FN in S6002 for full matches and anchored patterns
  • [SONARJAVA-3641] - FN in S5998
  • [SONARJAVA-3653] - S5996 should raise issues even if the regex can match the empty string
  • [SONARJAVA-3710] - Include Eclipse’s NonNullByDefault annotation on nonNullFields check

6.13.0.25138

22 Feb 17:32
Compare
Choose a tag to compare
    Release Notes - SonarJava - Version 6.13.0.25138

Bug

  • [SONARJAVA-3690] - Update SonarQube Api to be compatible with the latest SQ

New Feature

  • [SONARJAVA-2929] - Rule S2053: Hashes should include an unpredictable salt
  • [SONARJAVA-3462] - Rule S4036: Searching OS commands in PATH is security-sensitive
  • [SONARJAVA-3674] - Rule S5659: JWT should be signed and verified with strong cipher algorithms
  • [SONARJAVA-3675] - Rule S5332: Using clear-text protocols is security-sensitive
  • [SONARJAVA-3676] - Rule S5689: Disclosing fingerprints from web application technologies is security-sensitive
  • [SONARJAVA-3677] - Rule S5443: Using publicly writable directories is security-sensitive
  • [SONARJAVA-3679] - Rule S5693: Allowing requests with excessive content length is security-sensitive
  • [SONARJAVA-3681] - Rule S5247: Disabling auto-escaping in template engines is security-sensitive

Task

Improvement

  • [SONARJAVA-3660] - S2077 update message for primary and secondary locations
  • [SONARJAVA-3663] - S2976 implementation moved to S5445
  • [SONARJAVA-3664] - S4738 reports usage of Guava "createTempDir"
  • [SONARJAVA-3686] - Deprecate rule S4834
  • [SONARJAVA-3692] - Extract Symbolic Execution Engine and Checks from "java-frontend" module
  • [SONARJAVA-3694] - Improve rule S1612 to replace instanceof lambda with method reference
  • [SONARJAVA-3698] - Extract Check Verifier from "java-frontend" module into testkit

False-Positive

  • [SONARJAVA-3278] - FP on S2115: JDBC connection string should not raise when password property is not used
  • [SONARJAVA-3532] - S5042 should focus on zipbomb attacks
  • [SONARJAVA-3648] - FP on S2384 (MutableMembersUsageCheck) for enum constructors
  • [SONARJAVA-3649] - FP on S1157 (CaseInsensitiveComparisonCheck) when only one side is upper or lower case
  • [SONARJAVA-3678] - FP in S5853 when map/flatMap is used
  • [SONARJAVA-3684] - S2755 should not raise an issue when DocumentBuilder EntityResolver is customized
  • [SONARJAVA-3685] - FP in S1125 when using null
  • [SONARJAVA-3687] - S5979 should not report on classes annotated with JUnit5's @nested when the enclosing class properly initializes annotated objects
  • [SONARJAVA-3688] - FP on S5860(UnusedGroupNamesCheck) for name referenced by dollar curly braces

False Negative

  • [SONARJAVA-3469] - FN in S1219 when using blocks
  • [SONARJAVA-3683] - S4502 should raise when CSRF protection is disabled on specific routes

6.12.0.24852

01 Feb 14:51
Compare
Choose a tag to compare
    Release Notes - SonarJava - Version 6.12.0.24852

Bug

  • [SONARJAVA-3487] - [Java 14 - Records preview feature] NPE when accessing recordComponent.owner()
  • [SONARJAVA-3488] - [Java 14 - Records preview feature] NPE when computing metrics of methods
  • [SONARJAVA-3489] - [Java 14 - Records preview feature] S1123 NPE when visiting records
  • [SONARJAVA-3490] - [Java 14 - Records preview feature] S1117 NPE when visiting records

New Feature

  • [SONARJAVA-2961] - Rule S4977: Type parameters should not shadow other type parameters
  • [SONARJAVA-3255] - Rule S5663: Simple string literal should be used for single line strings
  • [SONARJAVA-3256] - Rule S5664: Whitespace for text block indent should be consistent
  • [SONARJAVA-3257] - Rule S5665: Escape sequences should not be used in text blocks
  • [SONARJAVA-3505] - Upgrade to ECJ 3.24 to enable support of Java 15
  • [SONARJAVA-3606] - Rule S5979: Annotated Mockito objects should be initialized
  • [SONARJAVA-3658] - Add support of Java 15 Text Blocks with a new dedicated Kind: TEXT_BLOCK
  • [SONARJAVA-3670] - Rule S6126: String multiline concatenation can be replaced with a Text block

Task

Improvement

  • [SONARJAVA-3114] - Message about missing bytecode dependencies should appear only when dependencies are actually missing
  • [SONARJAVA-3563] - Report 10 slowest analyzed files
  • [SONARJAVA-3657] - Improve S3986 to cover DateTimeFormatter
  • [SONARJAVA-3665] - Add support of Text Blocks in S2973 (Escaped unicode characters)
  • [SONARJAVA-3667] - Fix text block support in S2479
  • [SONARJAVA-3671] - Improve rule S1192 to Support Text blocks
  • [SONARJAVA-3672] - S1213 Check order of static and instance variables

False-Positive

  • [SONARJAVA-3659] - S2755 should not raise an issue when "EntityResolver" is customized
  • [SONARJAVA-3661] - FP on S2259 (Null Pointer Dereference) when using MapUtils from Apache Collections
  • [SONARJAVA-3662] - Improve rule S2142 to check methods called inside catch block

6.11.0.24617

13 Jan 06:44
Compare
Choose a tag to compare
    Release Notes - SonarJava - Version 6.11.0.24617

Bug

  • [SONARJAVA-3609] - JAR files passed to sonar.java.libraries remain locked after the analysis on Windows
  • [SONARJAVA-3652] - SuppressWarnings Filter lose knowledge of filtered lines

New Feature

  • [SONARJAVA-3614] - Rule S6073: Mockito argument matchers should be used on all parameters
  • [SONARJAVA-3630] - Rule S6103: AssertJ assertions with "Consumer" arguments should contain assertion inside consumers
  • [SONARJAVA-3632] - Rule S6104: Map "computeIfAbsent()" should not be used to add "null" values.
  • [SONARJAVA-3637] - Introduce "sonar.java.jdkHome" to specify the JDK to be used by the analyzer to resolve JDK types

Task

Improvement

False-Positive

  • [SONARJAVA-3467] - FP on S1948 when using both field and setter/constructor injection
  • [SONARJAVA-3574] - S2755 FP when Factory is declared with lombok "val"
  • [SONARJAVA-3578] - FP in S2147 when the type of the Exception is needed inside the body.
  • [SONARJAVA-3620] - FP in S2384 when unmodifiable collection is returned from a non-final field
  • [SONARJAVA-3628] - FP in S5853 when assertions "flatExtracting" prevent the chaining
  • [SONARJAVA-3633] - FP in S4032 when there are several source directories
  • [SONARJAVA-3642] - FP in S1874 when parent constructor is deprecated but not used
  • [SONARJAVA-3647] - FP in S1481 when "for-each" variable nested in a lambda is actually used in the body
  • [SONARJAVA-3650] - FP in S2970 for nested class using JUnit 5 Soft assertions extension.

False Negative

  • [SONARJAVA-3555] - S4830 should support X509ExtendedTrustManager
  • [SONARJAVA-3575] - FN in S2095: support Apache commons IOUtils methods not closing the stream
  • [SONARJAVA-3626] - FN Rule S3824: Apply the same SymbolicValue for static constants or enum constants when used as MemberSelect

6.10.0.24201

07 Dec 21:45
5b61d27
Compare
Choose a tag to compare
    Release Notes - SonarJava - Version 6.10.0.24201

Bug

  • [SONARJAVA-3056] - Classes for the analysis are loaded with parent first strategy
  • [SONARJAVA-3602] - JavaCheckVerifier does not support consistent behavior when having multiple issues reported on the same line

New Feature

  • [SONARJAVA-3550] - Rule S5994: Regex patterns following a possessive quantifier should not always fail
  • [SONARJAVA-3552] - Rule S5996: Regex boundaries should not be used in a way that can never match
  • [SONARJAVA-3554] - Rule S5998: Regular expressions should not overflow the stack
  • [SONARJAVA-3557] - Rule S6001: Back references in regular expressions should only refer to capturing groups that are matched before the reference
  • [SONARJAVA-3560] - Rule S6002: Regex lookahead assertions should not be contradictory
  • [SONARJAVA-3566] - Rule S5855: Regex alternatives should not be redundant
  • [SONARJAVA-3567] - Rule S6019: Reluctant quantifiers in regular expressions should be followed by an expression that can't match the empty string
  • [SONARJAVA-3572] - Rule S6035: Single-character alternations in regular expressions should be replaced with character classes
  • [SONARJAVA-3608] - Rule S6068: Call to Mockito method "verify", "when" or "given" should be simplified
  • [SONARJAVA-3610] - Rule S6070: The regex escape sequence \cX should only be used with characters in the @-_ range

Task

Improvement

False-Positive

  • [SONARJAVA-3470] - Add more exceptions to S107
  • [SONARJAVA-3545] - Rule S4973 shouldn't report an issue if "==" is used to compare Boolean constants
  • [SONARJAVA-3565] - FP on S1948 when using SpringBean from Apache Wicket
  • [SONARJAVA-3571] - FP on S1948 when collection implements Serializable
  • [SONARJAVA-3577] - FP in S3457 when slf4j log arguments contains a concatenation and a single Throwable
  • [SONARJAVA-3579] - FP in S1170 when class is annotated with @lombok.Builder and field with @default
  • [SONARJAVA-3580] - FP in S2390: do not report an issue on static class nested in the parent.
  • [SONARJAVA-3586] - Support Nullable annotation from reactor-core
  • [SONARJAVA-3598] - FP in S2973 when symbol is in lowercase
  • [SONARJAVA-3599] - FP in S2226 for non final Servlet fields initialized in init() method without parameters
  • [SONARJAVA-3605] - FP in S3305 when field has an initializer
  • [SONARJAVA-3612] - FP in S1185 when class is annotated "@transactional"
  • [SONARJAVA-3613] - FP in S1193 when the catch block contains more code
  • [SONARJAVA-3615] - FP in S1905 when casted argument is a method reference to a varargs.
  • [SONARJAVA-3617] - S1170 should not raise an issue when the initializer contains "this" or "super"
  • [SONARJAVA-3618] - FP on S3438 when "value" is set inside the property tag
  • [SONARJAVA-3619] - FP S2589 when Boolean variable doesn't always evaluate to TRUE/FALSE
  • [SONARJAVA-3621] - Union of Unknown types should be Unknown

False Negative

  • [SONARJAVA-3130] - S3824: raise issue when "containsKey" is used
  • [SONARJAVA-3482] - Support character classes as operand to reluctant quantifier in rule S5857
  • [SONARJAVA-3483] - FN in S5869 with escaped character classes

6.9.0.23563

05 Oct 08:31
970d69b
Compare
Choose a tag to compare
    Release Notes - SonarJava - Version 6.9.0.23563

Bug

  • [SONARJAVA-3285] - Java 13/14 preview feature "Text Block" produce highlighting IllegalArgumentException
  • [SONARJAVA-3541] - NPE in Symbolic Execution engine when dealing with java 14 switch expressions without default

New Feature

  • [SONARJAVA-3374] - Rule S5804 allowing user enumeration is security-sensitive
  • [SONARJAVA-3396] - Rule S5808 Authorizations should be based on strong decisions
  • [SONARJAVA-3411] - Rule S5876 A new session should be created during user authentication
  • [SONARJAVA-3542] - RSPEC-5993 Constructors of an "abstract" class should not be declared "public"

Task

Improvement

  • [SONARJAVA-3376] - Rule S3752: from Vulnerability to Security Hotspot and small improvements on the detection algorithm
  • [SONARJAVA-3414] - Rule S4790: its content should be replaced by S2070
  • [SONARJAVA-3472] - Document wildcards pattern in rule's parameters (S110, S1176)
  • [SONARJAVA-3478] - S2201: Support common Collection and Map methods
  • [SONARJAVA-3525] - S2333 supports redundant modifiers on nested interfaces and classes
  • [SONARJAVA-3536] - Consistently support Nullable/CheckForNull/Nonnull annotations in rules
  • [SONARJAVA-3539] - FP in S5845 when BigDecimal and BigInteger are compared with string

False-Positive

False Negative

  • [SONARJAVA-3388] - Rule S2070 should support "org.springframework.util.DigestUtils"
  • [SONARJAVA-3538] - S5853 does not handle custom assertions

6.8.0.23379

23 Sep 13:50
Compare
Choose a tag to compare
    Release Notes - SonarJava - Version 6.8

New Feature

  • [SONARJAVA-3372] - Rule S5803: Class members annotated with @VisibleForTesting should not be accessed from production code
  • [SONARJAVA-3509] - Rule S5958: AssertJ "assertThatThrownBy" should not be used alone
  • [SONARJAVA-3511] - Rule S5961: Test methods should not contain too many assertions
  • [SONARJAVA-3514] - Rule S5967: Tests method should not be annotated with competing annotations
  • [SONARJAVA-3515] - Rule S5960: Assertions should not be used in production code
  • [SONARJAVA-3516] - Rule S5969: Mocking all non-private methods of a class should be avoided
  • [SONARJAVA-3517] - Rule S5970: Spring's ModelAndViewAssert assertions should be used instead of other assertions
  • [SONARJAVA-3522] - Rule S3414: Tests should be kept in a dedicated source directory
  • [SONARJAVA-3524] - Rule S5973: Tests should be stable
  • [SONARJAVA-3526] - Rule S5976: Similar tests should be grouped in a single Parameterized test
  • [SONARJAVA-3527] - Rule S5977: Tests should use fixed data instead of randomized data

Task

Improvement

  • [SONARJAVA-3476] - Improve issue location for S5843
  • [SONARJAVA-3481] - Add missing escape sequences to regex parser
  • [SONARJAVA-3485] - Change issue type of S899 to Bug
  • [SONARJAVA-3492] - S1215 should detect "System.runFinalization()" the same way it detects System.gc()
  • [SONARJAVA-3500] - Support latest version of Play framework in S3330 and S2092
  • [SONARJAVA-3513] - Improve S5810 to support static and test methods with return values
  • [SONARJAVA-3518] - S125: reports issue on whole commented block
  • [SONARJAVA-3521] - SuppressWarnings Filter should remove issue of S3740 when "rawTypes" is used
  • [SONARJAVA-3523] - Extend S3415 (Arguments order) to support TestNG assertions
  • [SONARJAVA-3531] - S2187 should consider methods annotated with "@State" from Pact framework as test methods

False-Positive

  • [SONARJAVA-3477] - S1214 should report only when an interface contains only constants
  • [SONARJAVA-3498] - FP in S1193 for instance of non-throwable types
  • [SONARJAVA-3504] - FP on S1948 for fields having non-serializable interface as type but serializable type as initializer
  • [SONARJAVA-3506] - FP in S2275 when second argument of String.format is an array
  • [SONARJAVA-3507] - FP in S3012 when copying array of primitives types to a Collection
  • [SONARJAVA-3519] - FP on S3878 when the argument before the vararg is also an array
  • [SONARJAVA-3528] - FP on S5778 when calling mockito methods
  • [SONARJAVA-3530] - FP on S3577 when test class ends with "Tests" or is an abstract class
  • [SONARJAVA-3534] - FP S3077(VolatileNonPrimitiveFieldCheck) should consider enum as immutable

False Negative

  • [SONARJAVA-3491] - FN S2789 (NullShouldNotBeUsedWithOptionalCheck) on null assignment
  • [SONARJAVA-3501] - FN on Unused Imports when using Lombok