Releases: SonarSource/sonar-java

7.20.0.31692

30 May 15:34
b40c64f

Release notes - SonarJava - 7.20

Bug

SONARJAVA-4233 Constants accessed with member-select create different SV every time when placed in loops

SONARJAVA-4420 S3518 crashes with IndexOutOfBoundsException for certain inputs

False Negative

SONARJAVA-2126 Unboxing of NULL primitive wrapper raises NPE and should be detected by S2259 (NullDereferenceCheck)

SONARJAVA-4475 FN on S2589 when a constant is outside method scope

Task

SONARJAVA-4498 Upgrade sonar-analyzer-commons 2.5.0.1358

SONARJAVA-4499 Update rules metadata

Improvement

SONARJAVA-4097 Stop method SE at the first unknown method call symbol in Autoscan context

SONARJAVA-4286 Support "ZERO" constraints in (hardcoded) method behaviors

SONARJAVA-4423 Symbolic execution rules metadata should be tagged with "symbolic execution"

SONARJAVA-4442 S3518 DivisionByZeroCheck reports misleading secondary locations

7.19.0.31550

02 May 08:34
652aa20

Release notes - SonarJava - 7.19

Breaking change: SonarJava no longer enables Java 19+ preview features automatically. If you use them, you need to set sonar.java.enablePreview=true explicitly.

False Negative

SONARJAVA-4443 Rule S6437: Add jjwt support

New Feature

SONARJAVA-4369 S6485: Hash-based collections with known capacity should be initialized with the proper related static method

SONARJAVA-4464 Add a new "sonar.java.enablePreview" analysis parameter, disabled by default

Task

SONARJAVA-4468 Update rule metadata

Improvement

SONARJAVA-4378 Update ECJ to 3.33.0

7.18.0.31443

17 Apr 09:55

Release notes - SonarJava - 7.18

Bug

SONARJAVA-4396 The Java analyzer distinguishes between changed and unchanged in files in PR context

New Feature

SONARJAVA-4433 S6539: Class depends on an excessive number of classes

SONARJAVA-4434 S6541: Methods should not perform too many tasks (Brain method)

SONARJAVA-4440 S6548: Identify Singleton Design Patterns

Task

SONARJAVA-4455 Update Rules Metadata

Improvement

SONARJAVA-4277 Fix S1142 message wording and secondaries

7.16.1.31255

06 Mar 13:51
e985f2c

Release notes - SonarJava - 7.16.1

Bug

SONARJAVA-4396 The Java analyzer distinguishes between changed and unchanged in files in PR context

7.17.0.31219

21 Feb 10:18

Release notes - SonarJava - 7.17

Bug

SONARJAVA-4402 Unit tests fail on any non English language OS

SONARJAVA-4418 S1068 dirty state in UnusedPrivateFieldCheck throws IllegalArgumentException repetitively

False-Positive

SONARJAVA-3995 FP S3400 when method can be overridden

SONARJAVA-4244 S3400 should report on boolean types

SONARJAVA-4254 FP S4684 when @Entity are not converter from json automatically

SONARJAVA-4327 FP on S3937 when binary numbers

SONARJAVA-4328 FP on S2142 when `InterruptedException` is rethrown

SONARJAVA-4393 FP on S1105 due to Record conversion in JParser

SONARJAVA-4403 S3553 FP on overridden methods

SONARJAVA-4405 FP on S101 when classes extends java.util.ResourceBundle

SONARJAVA-4406 FP on S2142 when the InterruptedException is caught in an inner try-catch

Task

SONARJAVA-4394 Rule S1849: Refactor HasNextCallingNext rule to not use non-static inner class

SONARJAVA-4395 Rule S1114: In ObjectFinalizeOverridenCallsSuperFinalizeCheck lastStatementTree field is not always cleaned

SONARJAVA-4416 Update rules metadata

Improvement

SONARJAVA-3920 Add quick fixes for S5810 (JUnit5SilentlyIgnoreClassAndMethodCheck)

SONARJAVA-3924 Add quick fixes for S2129 (StringPrimitiveConstructorCheck)

SONARJAVA-3938 Add quick fixes for S4719 (StandardCharsetsConstantsCheck)

SONARJAVA-3959 Add quick fixes for S1656 (SelfAssignementCheck)

SONARJAVA-4185 Rules should not report FP when methods have an unknown parameter type

SONARJAVA-4187 S3329 should not report FP when the semantic is incomplete

SONARJAVA-4311 Add quick fixes for S1217 (ThreadRunCheck)

SONARJAVA-4314 Add quick fixes for S1450 (PrivateFieldUsedLocallyCheck)

SONARJAVA-4315 Add quick fixes for S1066 (CollapsibleIfCandidateCheck)

SONARJAVA-4317 Add quick fixes for S2147 (CombineCatchCheck)

SONARJAVA-4319 Add quick fixes for S2116 (ArrayHashCodeAndToStringCheck)

SONARJAVA-4321 Add quick fixes for S2225 (ToStringReturningNullCheck)

SONARJAVA-4350 Improve the suggested quick fix for S1068 when there are some writes to the variable

SONARJAVA-4352 Add quick fixes for S1132 (StringLiteralInsideEqualsCheck)

7.16.0.30901

11 Jan 15:57
4b14365

Release notes - SonarJava - 7.16

Bug

SONARJAVA-4127 UnsupportedOperationException when computing the signature of a MethodSymbol

SONARJAVA-4279 S1612 should not report an issue with incomplete semantics

SONARJAVA-4356 Several regular expressions are inefficient

SONARJAVA-4370 Memory leak in rule S5852 RedosCheck because regexCreations field is never cleaned

SONARJAVA-4371 Memory leak in multiple symbolic execution-based rules

SONARJAVA-4386 Members of RECORD tree are not ordered

SONARJAVA-4390 NPE in ECJ should be catched by JType.isSubtype(...)

SONARJAVA-4391 NPE in LombokFilter

SONARJAVA-4392 NPE in DivisionByZeroCheck

Documentation

SONARJAVA-4345 Update rules metadata

SONARJAVA-4374 S5411: Improve rule message, title, and description

SONARJAVA-4381 S1135: Update metadata to be explicit about main code only scope

False-Positive

SONARJAVA-4098 FP S1612 method reference should not be suggested when replacement is longer that actual code

SONARJAVA-4255 FP S1185(MethodOnlyCallsSuperCheck) with different modifiers

SONARJAVA-4281 Rule S1313: Exclude local IPv4-mapped IPv6 address

SONARJAVA-4292 Rule S1313: Exclude reserved documentation IP ranges

SONARJAVA-4329 FP on rule S1612 when replacing lambda on Integer conversion to String

SONARJAVA-4331 S1213 should not raise issues on static fields placed at the top of records

SONARJAVA-4343 FP on S2699 (Missing assertions in tests) with latest versions of AssertJ (>3.19) and newly added assertions

SONARJAVA-4347 FP in S1144 When annotated parameters are present

SONARJAVA-4353 S131 FP on switch that covers all enum constants

SONARJAVA-4354 S2259 FP on Springframework 5 annotations

SONARJAVA-4363 FP on S2272 when the next/previous() method calls another one which itself throw the NoSuchElementException

SONARJAVA-4365 S5786 should not report issues on classes defining publicly visible constants

SONARJAVA-4372 FP in rule S6204 when Collections.shuffle() is used as a mutator

SONARJAVA-4382 S1191 should not raise issues on imports from `com.sun.*` packages

New Feature

SONARJAVA-4266 Rule S6432: Counter Mode initialization vectors should not be reused

False Negative

SONARJAVA-4250 FN in S2692 when the number is coming from a constant

SONARJAVA-4283 S5838 does not handle primitive type inequality operators correctly

Improvement

SONARJAVA-4265 Improve the rule message of S1120

SONARJAVA-4268 Rule S5542: Detect CBC mode when used with padding

SONARJAVA-4269 S1711 should clean up type names replacing dollar signs with periods

SONARJAVA-4351 Update S5411 documentation with SONARJAVA-3570 exceptions

SONARJAVA-4384 Replace method `symbol()` on `MethodInvocationTree` and `NewClassTree` with `methodSymbol()` in public API

7.15.0.30507

01 Nov 16:05
38560b8

Release notes - SonarJava - Version 7.15

Bug

SONARJAVA-4342 Nullness annotation on interface methods should be inherited in implementation methods

SONARJAVA-4341 IndexOutOfBoundsException when trying to access symbols of declared parameters of Compact constructor

SONARJAVA-4338 S1186: Inconsistent exceptions in documentation and implementation

SONARJAVA-4176 NPE in JSymbol.typeOwner

SONARJAVA-3529 S3958: Incorrect location in case of certain exceptional paths

Documentation

SONARJAVA-4333 Update sonar.java.jdkHome documentation

False Negative

SONARJAVA-4251 FN S2252(ForLoopFalseConditionCheck) does not support constants

False-Positive

SONARJAVA-4344 FP S3878 when the vararg has an array type

SONARJAVA-4336 S2384, 2386 should support methods from Guava returning immutable collections

SONARJAVA-4282 Exclude "com.sun.xml.ws" package from S1191 by default

SONARJAVA-4252 S2384, S2386 should support immutable collection creation from stream

SONARJAVA-4241 S1125: erroneous quick fix suggestion when negating a binary operation

SONARJAVA-4196 S5860 should cover methods start() and end() of 'java.util.regex.Matcher'

SONARJAVA-4072 FP S107 with Spring and micronaut annotations

SONARJAVA-4024 FP in S6019 because of RegexTreeHelper.isAnchoredAtEnd

SONARJAVA-3900 FP S3242(LeastSpecificTypeCheck) for functional interfaces

SONARJAVA-3896 FP S3329 should not raise when the IV is not defined

SONARJAVA-3890 S5996 should not raise an issue if $ is followed by a line break character

SONARJAVA-3668 FP on S1186: method annotated @Pointcut from AspectJ are often expected to be empty

Improvement

SONARJAVA-4335 S3776 should Ignore equals() and hashCode() methods similarly to S1541

SONARJAVA-4325 Change message suggestion for S3878 when method argument type is not Object

SONARJAVA-4257 Fix typo in S4605 message

New Feature

SONARJAVA-4349 Expose ClasspathForMain.getBinaryDirs() in public API

SONARJAVA-4348 Expose test classpath and binaries in the public API

Task

SONARJAVA-4346 Update rules metadata

SONARJAVA-4264 Remove deprecated common-java:DuplicatedBlocks rule from Sonar Way

7.14.0.30229

30 Sep 18:09
9079835

Release notes - SonarJava - Version 7.14

False-Positive

SONARJAVA-4330 Rule S2272: FP on method calls that are not next()

SONARJAVA-4242 SE should handle "booleanValue()" from Boolean wrapper

SONARJAVA-4174 S2259 should not raise an issue when a null variable is passed to Optional.ofNullable

SONARJAVA-4131 Add support of org.springframework.util.StringUtils#isEmpty

Improvement

SONARJAVA-4288 Update Analyzer Commons to 1.27: changes in Regex check and resources loading

SONARJAVA-4220 Update ECJ to 3.30.0

SONARJAVA-3891 Add support of org.apache.commons.lang3.ArrayUtils methods

New Feature

SONARJAVA-4284 Rules support PCI DSS Security Standard

SONARJAVA-4278 Rule S2068: Remove method checks

SONARJAVA-4275 Rule S6437: Credentials should not be hard-coded

Task

SONARJAVA-4332 Update rules metadata

7.13.0.29990

04 Jul 14:15
ed42c63
Release Notes - SonarJava - Version 7.13

New Feature

  • [SONARJAVA-4133] - Rule S6241 Region should be set explicitly when creating a new AwsClient
  • [SONARJAVA-4134] - Rule S6242 Credentials Provider should be set explicitly when creating a new "AwsClient"
  • [SONARJAVA-4135] - Rule S6243 Reusable resources should be initialized at construction time of Lambda functions
  • [SONARJAVA-4136] - Rule S6244 Consumer Builders should be used
  • [SONARJAVA-4137] - Rule S6246 Lambdas should not invoke other lambdas synchronously
  • [SONARJAVA-4138] - Rule S6262 AWS region should not be set with a hardcoded String
  • [SONARJAVA-4139] - Rule S6263 Using Long-term access keys are security-sensitive

Task

Improvement

  • [SONARJAVA-4271] - Do not attempt to scan without parsing in a context where files cannot be skipped
  • [SONARJAVA-4276] - Message of S4968 should end with a full stop

7.12.1.29810

16 Jun 11:22
f02a272
Release Notes - SonarJava - Version 7.12.1

Bug

  • [SONARJAVA-4267] - The Java analyzer crashes when running incremental analysis on generated files

False-Positive

  • [SONARJAVA-4243] - FP in S6205 when the content of the block is not an expression