@pmd-bot pmd-bot released this Oct 28, 2018 · 113 commits to master since this release

Assets 5

28-October-2018 - 6.9.0

The PMD team is pleased to announce PMD 6.9.0.

This is a minor release.

Table Of Contents

New and noteworthy

Improved Golang CPD Support

Thanks to the work of ITBA students Matías Fraga,
Tomi De Lucca and Lucas Soncini,
Golang is now backed by a proper Antlr Grammar. This means CPD is now better at detecting duplicates,
as comments are recognized as such and ignored.

New Rules

  • The new PLSQL rule CodeFormat (plsql-codestyle) verifies that
    PLSQL code is properly formatted. It checks e.g. for correct indentation in select statements and verifies
    that each parameter is defined on a separate line.

Fixed Issues

  • all
    • #649: [core] Exclude specific files from command line
    • #1272: [core] Could not find or load main class when using symlinked run.sh
    • #1377: [core] LanguageRegistry uses default class loader when invoking ServiceLocator
    • #1394: [doc] How to configure "-cache "
    • #1412: [doc] Broken link to adding new cpd language documentation
  • apex
    • #1396: [apex] ClassCastException caused by Javadoc
  • java
    • #1330: [java] PMD crashes with java.lang.ClassFormatError: Absent Code attribute in method that is not native or abstract in class file javax/xml/ws/Service
  • java-bestpractices
    • #1202: [java] GuardLogStatement: "There is log block not surrounded by if" doesn't sound right
    • #1209: [java] UnusedImports false positive for static import with package-private method usage
    • #1343: [java] Update CommentDefaultAccessModifierRule to extend AbstractIgnoredAnnotationRule
    • #1365: [java] JUnitTestsShouldIncludeAssert false positive
    • #1404: [java] UnusedImports false positive with static ondemand import with method call
  • java-codestyle
    • #1199: [java] UnnecessaryFullyQualifiedName doesn't flag same package FQCNs
    • #1356: [java] UnnecessaryModifier wrong message public->static
  • java-design
    • #1369: [java] Processing error (ClassCastException) if a TYPE_USE annotation is used on a base class in the "extends" clause
  • jsp
    • #1402: [jsp] JspTokenManager has a problem about jsp scriptlet
  • documentation
    • #1349: [doc] Provide some explanation for WHY duplicate code is bad, like mutations

API Changes

  • PMD has a new CLI option -ignorelist. With that, you can provide a file containing a comma-delimit list of files,
    that should be excluded during analysis. The ignorelist is applied after the files have been selected
    via -dir or -filelist, which means, if the file is in both lists, then it will be ignored.
    Note: there is no corresponding option for the Ant task, since the feature is already available via
    Ant's FileSet include/exclude filters.

External Contributions

@pmd-bot pmd-bot released this Sep 30, 2018 · 301 commits to master since this release

Assets 5

30-September-2018 - 6.8.0

The PMD team is pleased to announce PMD 6.8.0.

This is a minor release.

Table Of Contents

New and noteworthy

Drawing a line between private and public API

Until now, all released public members and types were implicitly considered part
of PMD's public API, including inheritance-specific members (protected members, abstract methods).
We have maintained those APIs with the goal to preserve full binary compatibility between minor releases,
only breaking those APIs infrequently, for major releases.

In order to allow PMD to move forward at a faster pace, this implicit contract will
be invalidated with PMD 7.0.0. We now introduce more fine-grained distinctions between
the type of compatibility support we guarantee for our libraries, and ways to make
them explicit to clients of PMD.

.internal packages and @InternalApi annotation

Internal API is meant for use only by the main PMD codebase. Internal types and methods
may be modified in any way, or even removed, at any time.

Any API in a package that contains an .internal segment is considered internal.
The @InternalApi annotation will be used for APIs that have to live outside of
these packages, e.g. methods of a public type that shouldn't be used outside of PMD (again,
these can be removed anytime).

@ReservedSubclassing

Types marked with the @ReservedSubclassing annotation are only meant to be subclassed
by classes within PMD. As such, we may add new abstract methods, or remove protected methods,
at any time. All published public members remain supported. The annotation is not inherited, which
means a reserved interface doesn't prevent its implementors to be subclassed.

@Experimental

APIs marked with the @Experimental annotation at the class or method level are subject to change.
They can be modified in any way, or even removed, at any time. You should not use or rely
on them in any production code. They are purely to allow broad testing and feedback.

@Deprecated

APIs marked with the @Deprecated annotation at the class or method level will remain supported
until the next major release but it is recommended to stop using them.

The transition

All currently supported APIs will remain so until 7.0.0. All APIs that are to be moved to
.internal packages or hidden will be tagged @InternalApi before that major release, and
the breaking API changes will be performed in 7.0.0.

Quickstart Ruleset

PMD 6.8.0 provides a first quickstart ruleset for Java, which you can use as a base ruleset to get your
custom ruleset started. You can reference it with rulesets/java/quickstart.xml.
You are strongly encouraged to create your own ruleset
though.

The quickstart ruleset has the intention, to be useful out-of-the-box for many projects. Therefore it
references only rules, that are most likely to apply everywhere.

Any feedback would be greatly appreciated.

New Rules

  • The new Apex rule ApexDoc (apex-documentation)
    enforces the inclusion of ApexDoc on classes, interfaces, properties and methods; as well as some
    sanity rules for such docs (no missing parameters, parameters' order, and return value). By default,
    method overrides and test classes are allowed to not include ApexDoc.

Modified Rules

  • The rule MissingSerialVersionUID (java-errorprone) has been modified
    in order to recognize also missing serialVersionUID fields in abstract classes, if they are serializable.
    Each individual class in the inheritance chain needs an own serialVersionUID field. See also Should an abstract class have a serialVersionUID.
    This change might lead to additional violations in existing code bases.

PLSQL

The grammar for PLSQL has been revamped in order to fully parse SELECT INTO, UPDATE, and DELETE
statements. Previously such statements have been simply skipped ahead, now PMD is parsing them, giving access
to the individual parts of a SELECT-statement, such as the Where-Clause. This might produce new parsing errors
where PMD previously could successfully parse PLSQL code. If this happens, please report a new issue to get this problem fixed.

Fixed Issues

  • apex-bestpractices
    • #1348: [apex] AvoidGlobalModifierRule gives warning even when its a webservice - false positive
  • java-codestyle
    • #1329: [java] FieldNamingConventions: false positive in serializable class with serialVersionUID
    • #1334: [java] LinguisticNaming should support AtomicBooleans
  • java-errorprone
    • #1350: [java] MissingSerialVersionUID false-positive on interfaces
    • #1352: [java] MissingSerialVersionUID false-negative with abstract classes
  • java-performance
    • #1325: [java] False positive in ConsecutiveLiteralAppends
  • plsql
    • #1279: [plsql] Support for SELECT INTO

API Changes

  • A couple of methods and fields in net.sourceforge.pmd.properties.AbstractPropertySource have been
    deprecated, as they are replaced by already existing functionality or expose internal implementation
    details: propertyDescriptors, propertyValuesByDescriptor,
    copyPropertyDescriptors(), copyPropertyValues(), ignoredProperties(), usesDefaultValues(),
    useDefaultValueFor().

  • Some methods in net.sourceforge.pmd.properties.PropertySource have been deprecated as well:
    usesDefaultValues(), useDefaultValueFor(), ignoredProperties().

  • The class net.sourceforge.pmd.lang.rule.AbstractDelegateRule has been deprecated and will
    be removed with PMD 7.0.0. It is internally only in use by RuleReference.

  • The default constructor of net.sourceforge.pmd.lang.rule.RuleReference has been deprecated
    and will be removed with PMD 7.0.0. RuleReferences should only be created by providing a Rule and
    a RuleSetReference. Furthermore the following methods are deprecated: setRuleReference(),
    hasOverriddenProperty(), usesDefaultValues(), useDefaultValueFor().

External Contributions

@pmd-bot pmd-bot released this Sep 2, 2018 · 419 commits to master since this release

Assets 5

02-September-2018 - 6.7.0

The PMD team is pleased to announce PMD 6.7.0.

This is a minor release.

Table Of Contents

New and noteworthy

Modified Rules

  • The Java rule OneDeclarationPerLine (java-bestpractices) has been revamped to
    consider not only local variable declarations, but field declarations too.

New Rules

  • The new Java rule LinguisticNaming (java-codestyle)
    detects cases, when a method name indicates it returns a boolean (such as isSmall()) but it doesn't.
    Besides method names, the rule also checks field and variable names. It also checks, that getters return
    something but setters won't. The rule has several properties with which it can be customized.

  • The new PL/SQL rule ForLoopNaming (plsql-codestyle)
    enforces a naming convention for "for loops". Both "cursor for loops" and "index for loops" are covered.
    The rule can be customized via patterns. By default, short variable names are reported.

  • The new Java rule FieldNamingConventions (java-codestyle)
    detects field names that don't comply to a given convention. It defaults to standard Java convention of using camelCase,
    but can be configured with ease for e.g. constants or static fields.

  • The new Apex rule OneDeclarationPerLine (apex-codestyle) enforces declaring a
    single field / variable per line; or per statement if the strictMode property is set.
    It's an Apex equivalent of the already existing Java rule of the same name.

Deprecated Rules

Fixed Issues

  • core
    • #1191: [core] Test Framework: Sort violations by line/column
    • #1283: [core] Deprecate ReportTree
    • #1288: [core] No supported build listeners found with Gradle
    • #1300: [core] PMD stops processing file completely, if one rule in a rule chain fails
    • #1317: [ci] Coveralls hasn't built the project since June 25th
  • java-bestpractices
    • #940: [java] JUnit 4 false positives for JUnit 5 tests
    • #1267: [java] MissingOverrideRule: Avoid NoClassDefFoundError with incomplete classpath
    • #1323: [java] AvoidUsingHardCodedIP ignores match pattern
    • #1327: [java] AvoidUsingHardCodedIP false positive for ":bee"
  • java-codestyle
    • #1255: [java] UnnecessaryFullyQualifiedName false positive: static method on shadowed implicitly imported class
    • #1258: [java] False positive "UselessParentheses" for parentheses that contain assignment
  • java-errorprone
    • #1078: [java] MissingSerialVersionUID rule does not seem to catch inherited classes
  • java-performance
    • #1291: [java] InvalidSlf4jMessageFormat false positive: too many arguments with string concatenation operator
    • #1298: [java] RedundantFieldInitializer - NumberFormatException with Long
  • jsp
    • #1274: [jsp] Support EL in tag attributes
    • #1276: [jsp] add support for jspf and tag extensions
  • plsql
    • #681: [plsql] Parse error with Cursor For Loop

API Changes

  • All classes in the package net.sourceforge.pmd.lang.dfa.report have been deprecated and will be removed
    with PMD 7.0.0. This includes the class net.sourceforge.pmd.lang.dfa.report.ReportTree. The reason is,
    that this class is very specific to Java and not suitable for other languages. It has only been used for
    YAHTMLRenderer, which has been rewritten to work without these classes.

  • The nodes RUNSIGNEDSHIFT and RSIGNEDSHIFT are deprecated and will be removed from the AST with PMD 7.0.0.
    These represented the operator of ShiftExpression in two cases out of three, but they're not needed and
    make ShiftExpression inconsistent. The operator of a ShiftExpression is now accessible through
    ShiftExpression#getOperator.

External Contributions

@pmd-bot pmd-bot released this Jul 29, 2018 · 597 commits to master since this release

Assets 5

29-July-2018 - 6.6.0

The PMD team is pleased to announce PMD 6.6.0.

This is a minor release.

Table Of Contents

New and noteworthy

Java 11 Support

PMD is now able to parse the local-variable declaration syntax var xxx, that has been
extended for lambda parameters with Java 11 via
JEP 323: Local-Variable Syntax for Lambda Parameters.

New Rules

  • The new Java rule LocalVariableNamingConventions
    (java-codestyle) detects local variable names that don't comply to a given convention. It defaults to standard
    Java convention of using camelCase, but can be configured. Special cases can be configured for final variables
    and caught exceptions' names.

  • The new Java rule FormalParameterNamingConventions
    (java-codestyle) detects formal parameter names that don't comply to a given convention. It defaults to
    standard Java convention of using camelCase, but can be configured. Special cases can be configured for final
    parameters and lambda parameters (considering whether they are explicitly typed or not).

Modified Rules

Fixed Issues

  • core
    • #1178: [core] "Unsupported build listener" in gradle build
    • #1225: [core] Error in sed expression on line 82 of run.sh while detecting installed version of Java
  • doc
    • #1215: [doc] TOC links don't work?
  • java-codestyle
    • #1211: [java] CommentDefaultAccessModifier false positive with nested interfaces (regression from 6.4.0)
    • #1216: [java] UnnecessaryFullyQualifiedName false positive for the same name method
  • java-design
    • #1217: [java] CyclomaticComplexityRule counts ?-operator twice
    • #1226: [java] NPath complexity false negative due to overflow
  • plsql
    • #980: [plsql] ParseException for CREATE TABLE
    • #981: [plsql] ParseException when parsing VIEW
    • #1047: [plsql] ParseException when parsing EXECUTE IMMEDIATE
  • ui
    • #1233: [ui] XPath autocomplete arrows on first and last items

API Changes

  • The findDescendantsOfType methods in net.sourceforge.pmd.lang.ast.AbstractNode no longer search for
    exact type matches, but will match subclasses, too. That means, it's now possible to look for abstract node
    types such as AbstractJavaTypeNode and not only for it's concrete subtypes.

External Contributions

@pmd-bot pmd-bot released this Jun 26, 2018 · 724 commits to master since this release

Assets 5

26-June-2018 - 6.5.0

The PMD team is pleased to announce PMD 6.5.0.

This is a minor release.

Table Of Contents

New and noteworthy

New Rules

  • The new Apex rule AvoidNonExistentAnnotations (apex-errorprone)
    detects usages non-officially supported annotations. Apex supported non existent annotations for legacy reasons.
    In the future, use of such non-existent annotations could result in broken Apex code that will not compile.
    A full list of supported annotations can be found here

Modified Rules

  • The Java rule UnnecessaryModifier (java-codestyle)
    now detects enum constrcutors with explicit private modifier. The rule now produces better error messages
    letting you know exactly which modifiers are redundant at each declaration.

Fixed Issues

  • all
    • #1119: [doc] Make the landing page of the documentation website more useful
    • #1168: [core] xml renderer schema definitions (#538) break included xslt files
    • #1173: [core] Some characters in CPD are not shown correctly.
    • #1193: [core] Designer doesn't start with run.sh
  • ecmascript
    • #861: [ecmascript] InnaccurateNumericLiteral false positive with hex literals
  • java
    • #1074: [java] MissingOverrideRule exception when analyzing PMD under Java 9
    • #1174: [java] CommentUtil.multiLinesIn() could lead to StringIndexOutOfBoundsException
  • java-bestpractices
    • #651: [java] SwitchStmtsShouldHaveDefault should be aware of enum types
    • #869: [java] GuardLogStatement false positive on return statements and Math.log
  • java-codestyle
    • #667: [java] Make AtLeastOneConstructor Lombok-aware
    • #1154: [java] CommentDefaultAccessModifierRule FP with nested enums
    • #1158: [java] Fix IdenticalCatchBranches false positive
    • #1186: [java] UnnecessaryFullyQualifiedName doesn't detect java.lang FQ names as violations
  • java-design
    • #1200: [java] New default NcssCount method report level is drastically reduced from values of deprecated NcssMethodCount and NcssTypeCount
  • xml
    • #715: [xml] ProjectVersionAsDependencyVersion false positive

API Changes

  • The utility class net.sourceforge.pmd.lang.java.ast.CommentUtil has been deprecated and will be removed
    with PMD 7.0.0. Its methods have been intended to parse javadoc tags. A more useful solution will be added
    around the AST node FormalComment, which contains as children JavadocElement nodes, which in
    turn provide access to the JavadocTag.

    All comment AST nodes (FormalComment, MultiLineComment, SingleLineComment) have a new method
    getFilteredComment() which provide access to the comment text without the leading /* markers.

  • The method AbstractCommentRule.tagsIndicesIn() has been deprecated and will be removed with
    PMD 7.0.0. It is not very useful, since it doesn't extract the information
    in a useful way. You would still need check, which tags have been found, and with which
    data they might be accompanied.

External Contributions

@pmd-bot pmd-bot released this May 29, 2018 · 995 commits to master since this release

Assets 5

29-May-2018 - 6.4.0

The PMD team is pleased to announce PMD 6.4.0.

This is a minor release.

Table Of Contents

New and noteworthy

Java 10 Support

PMD is now able to understand local-variable type inference as introduced by Java 10.
Simple type resolution features are available, e.g. the type of the variable s is inferred
correctly as String:

var s = "Java 10";

XPath Type Resolution Functions

For some time now PMD has supported Type Resolution, and exposed this functionality to XPath rules for the Java language
with the typeof function. This function however had a number of shortcomings:

  • It would take a first arg with the name to match if types couldn't be resolved. In all cases this was @Image
    but was still required.
  • It required 2 separate arguments for the Fully Qualified Class Name and the simple name of the class against
    which to test.
  • If only the Fully Qualified Class Name was provided, no simple name check was performed (not documented,
    but abused on some rules to "fix" some false positives).

In this release we are deprecating typeof in favor of a simpler typeIs function, which behaves exactly as the
old typeof when given all 3 arguments.

typeIs receives a single parameter, which is the fully qualified name of the class to test against.

So, calls such as:

//ClassOrInterfaceType[typeof(@Image, 'junit.framework.TestCase', 'TestCase')]

can now we expressed much more concisely as:

//ClassOrInterfaceType[typeIs('junit.framework.TestCase')]

With this change, we also allow to check against array types by just appending [] to the fully qualified class name.
These can be repeated for arrays of arrays (e.g. byte[][] or java.lang.String[]).

Additionally, we introduce the companion function typeIsExactly, that receives the same parameters as typeIs,
but checks for exact type matches, without considering the type hierarchy. That is, the test
typeIsExactly('junit.framework.TestCase') will match only if the context node is an instance of TestCase, but
not if it's an instance of a subclass of TestCase. Be aware then, that using that method with abstract types will
never match.

New Rules

  • The new Java rule HardCodedCryptoKey (java-security)
    detects hard coded keys used for encryption. It is recommended to store keys outside of the source code.

  • The new Java rule IdenticalCatchBranches (java-codestyle)
    finds catch blocks,
    that catch different exception but perform the same exception handling and thus can be collapsed into a
    multi-catch try statement.

Modified Rules

  • The Java rule JUnit4TestShouldUseTestAnnotation (java-bestpractices)
    has a new parameter "testClassPattern". It is used to distinguish test classes from other classes and
    avoid false positives. By default, any class, that has "Test" in its name, is considered a test class.

  • The Java rule CommentDefaultAccessModifier (java-codestyle)
    allows now by default the comment "/* package */ in addition to "/* default */. This behavior can
    still be adjusted by setting the property regex.

Fixed Issues

  • all
    • #1018: [java] Performance degradation of 250% between 6.1.0 and 6.2.0
    • #1145: [core] JCommander's help text for option -min is wrong
  • java
    • #672: [java] Support exact type matches for type resolution from XPath
    • #743: [java] Prepare for Java 10
    • #1077: [java] Analyzing enum with lambda passed in constructor fails with "The enclosing scope must exist."
    • #1115: [java] Simplify xpath typeof syntax
    • #1131: [java] java.lang.ClassFormatError: Absent Code attribute in method that is not native or abstract in class file javax/faces/application/FacesMessage$Severity
  • java-bestpractices
    • #527: [java] False Alarm of JUnit4TestShouldUseTestAnnotation on Predicates
    • #1063: [java] MissingOverride is triggered in illegal places
  • java-codestyle
    • #720: [java] ShortVariable should whitelist lambdas
    • #955: [java] Detect identical catch statements
    • #1114: [java] Star import overwritten by explicit import is not correctly handled
    • #1064: [java] ClassNamingConventions suggests to add Util suffix for simple exception wrappers
    • #1065: [java] ClassNamingConventions shouldn't prohibit numbers in class names
    • #1067: [java] [6.3.0] PrematureDeclaration false-positive
    • #1096: [java] ClassNamingConventions is too ambitious on finding utility classes
  • java-design
    • #824: [java] UseUtilityClass false positive when extending
    • #1021: [java] False positive for DoNotExtendJavaLangError
    • #1097: [java] False negative in AvoidThrowingRawExceptionTypes
  • java-performance
    • #1051: [java] ConsecutiveAppendsShouldReuse false-negative
    • #1098: [java] Simplify LongInstantiation, IntegerInstantiation, ByteInstantiation, and ShortInstantiation using type resolution
    • #1125: [java] Improve message of InefficientEmptyStringCheck for String.trim().isEmpty()
  • doc
    • #999: [doc] Add a header before the XPath expression in rules
    • #1082: [doc] Multifile analysis doc is invalid
  • vf-security
    • #1100: [vf] URLENCODE is ignored as valid escape method

API Changes

  • The following classes in package net.sourceforge.pmd.benchmark have been deprecated: Benchmark, Benchmarker,
    BenchmarkReport, BenchmarkResult, RuleDuration, StringBuilderCR and TextReport. Their API is not supported anymore
    and is disconnected from the internals of PMD. Use the newer API based around TimeTracker instead, which can be found
    in the same package.
  • The class net.sourceforge.pmd.lang.java.xpath.TypeOfFunction has been deprecated. Use the newer TypeIsFunction in the same package.
  • The typeof methdos in net.sourceforge.pmd.lang.java.xpath.JavaFunctions have been deprecated.
    Use the newer typeIs method in the same class instead..
  • The methods isA, isEither and isNeither of net.sourceforge.pmd.lang.java.typeresolution.TypeHelper.
    Use the new isExactlyAny and isExactlyNone methods in the same class instead.

External Contributions

@pmd-bot pmd-bot released this Apr 29, 2018 · 1253 commits to master since this release

Assets 5

29-April-2018 - 6.3.0

The PMD team is pleased to announce PMD 6.3.0.

This is a minor release.

Table Of Contents

New and noteworthy

Tree Traversal Revision

As described in #904, when searching for child nodes of the AST methods
such as hasDescendantOfType, getFirstDescendantOfType and findDescendantsOfType were found to behave inconsistently,
not all of them honoring find boundaries; that is, nodes that define a self-contained entity which should be considered separately
(think of lambdas, nested classes, anonymous classes, etc.). We have modified these methods to ensure all of them honor
find boundaries.

This change implies several false positives / unexpected results
(ie: ASTBlockStatement falsely returning true to isAllocation())
have been fixed; and lots of searches are now restricted to smaller search areas, which improves performance
(depending on the project, we have measured up to 10% improvements during Type Resolution, Symbol Table analysis,
and some rules' application).

Naming Rules Enhancements

  • ClassNamingConventions (java-codestyle)
    has been enhanced to allow granular configuration of naming
    conventions for different kinds of type declarations (eg enum or abstract
    class). Each kind of declaration can use its own naming convention
    using a regex property. See the rule's documentation for more info about
    configuration and default conventions.

  • MethodNamingConventions (java-codestyle)
    has been enhanced in the same way.

CPD Suppression

Back in PMD 5.6.0 we introduced the ability to suppress CPD warnings in Java using comments, by
including CPD-OFF (to start ignoring code), or CPD-ON (to resume analysis) during CPD execution.
This has proved to be much more flexible and versatile than the old annotation-based approach,
and has since been the preferred way to suppress CPD warnings.

On this occasion, we are extending support for comment-based suppressions to many other languages:

  • C/C++
  • Ecmascript / Javascript
  • Matlab
  • Objective-C
  • PL/SQL
  • Python

So for instance, in Python we could now do:

class BaseHandler(object):
    def __init__(self):
        # some unignored code

        # tell cpd to start ignoring code - CPD-OFF

        # mission critical code, manually loop unroll
        GoDoSomethingAwesome(x + x / 2);
        GoDoSomethingAwesome(x + x / 2);
        GoDoSomethingAwesome(x + x / 2);
        GoDoSomethingAwesome(x + x / 2);
        GoDoSomethingAwesome(x + x / 2);
        GoDoSomethingAwesome(x + x / 2);

        # resume CPD analysis - CPD-ON

        # further code will *not* be ignored

Other languages are equivalent.

Swift 4.1 Support

Thanks to major contributions from kenji21 the Swift grammar has been updated to
support Swift 4.1. This is a major update, since the old grammar was quite dated, and we are sure all iOS
developers will enjoy it.

Unfortunately, this change is not compatible. The grammar elements that have been removed (ie: the keywords __FILE__,
__LINE__, __COLUMN__ and __FUNCTION__) are no longer supported. We don't usually introduce such
drastic / breaking changes in minor releases, however, given that the whole Swift ecosystem pushes hard towards
always using the latest versions, and that Swift needs all code and libraries to be currently compiling against
the same Swift version, we felt strongly this change was both safe and necessary to be shipped as soon as possible.
We had great feedback from the community during the process but if you have a legitimate use case for older Swift
versions, please let us know on our Issue Tracker.

New Rules

  • The new Java rule InsecureCryptoIv (java-security)
    detects hard coded initialization vectors used in cryptographic operations. It is recommended to use
    a randomly generated IV.

Modified Rules

  • The Java rule UnnecessaryConstructor (java-codestyle)
    has been rewritten as a Java rule (previously it was a XPath-based rule). It supports a new property
    ignoredAnnotations and ignores by default empty constructors,
    that are annotated with javax.inject.Inject. Additionally, it detects now also unnecessary private constructors
    in enums.

  • The property checkNativeMethods of the Java rule MethodNamingConventions (java-codestyle)
    is now deprecated, as it is now superseded by nativePattern. Support for that property will be maintained until
    7.0.0.

  • The Java rule ControlStatementBraces (java-codestyle)
    supports a new boolean property checkSingleIfStmt. When unset, the rule won't report if statements which lack
    braces, if the statement is not part of an if ... else if chain. This property defaults to true.

Deprecated Rules

Fixed Issues

  • all
    • #695: [core] Extend comment-based suppression to all JavaCC languages
    • #988: [core] FileNotFoundException for missing classes directory with analysis cache enabled
    • #1036: [core] Non-XML output breaks XML-based CLI integrations
  • apex-errorprone
    • #776: [apex] AvoidHardcodingId false positives
  • documentation
    • #994: [doc] Delete duplicate page contributing.md on the website
    • #1057: [doc] Documentation of ignoredAnnotations property is misleading
  • java
    • #894: [java] Maven PMD plugin fails to process some files without any explanation
    • #899: [java] JavaTypeDefinitionSimple.toString can cause NPEs
    • #1020: [java] The CyclomaticComplexity rule runs forever in 6.2.0
    • #1030: [java] NoClassDefFoundError when analyzing PMD with PMD
    • #1061: [java] Update ASM to handle Java 10 bytecode
  • java-bestpractices
    • #370: [java] GuardLogStatementJavaUtil not considering lambdas
    • #558: [java] ProperLogger Warnings for enums
    • #719: [java] Unused Code: Java 8 receiver parameter with an internal class
    • #1009: [java] JUnitAssertionsShouldIncludeMessage - False positive with assertEquals and JUnit5
  • java-codestyle
    • #1003: [java] UnnecessaryConstructor triggered on required empty constructor (Dagger @Inject)
    • #1023: [java] False positive for useless parenthesis
    • #1004: [java] ControlStatementBraces is missing checkIfStmt property
  • java-design
    • #1056: [java] Property ignoredAnnotations does not work for SingularField and ImmutableField
  • java-errorprone
    • #629: [java] NullAssignment false positive
    • #816: [java] SingleMethodSingleton false positives with inner classes
  • java-performance
    • #586: [java] AvoidUsingShortType erroneously triggered on overrides of 3rd party methods
  • swift
    • #678: [swift][cpd] Exception when running for Swift 4 code (KeyPath)

External Contributions

@pmd-bot pmd-bot released this Mar 26, 2018 · 1460 commits to master since this release

Assets 5

26-March-2018 - 6.2.0

The PMD team is pleased to announce PMD 6.2.0.

This is a minor release.

Table Of Contents

New and noteworthy

Ecmascript (JavaScript)

The Rhino Library has been upgraded from version 1.7.7 to version 1.7.7.2.

Detailed changes for changed in Rhino can be found:

Both are bugfixing releases.

Disable Incremental Analysis

Some time ago, we added support for Incremental Analysis. On PMD 6.0.0, we
started to add warns when not using it, as we strongly believe it's a great improvement to our user's experience as
analysis time is greatly reduced; and in the future we plan to have it enabled by default. However, we realize some
scenarios don't benefit from it (ie: CI jobs), and having the warning logged can be noisy and cause confusion.

To this end, we have added a new flag to allow you to explicitly disable incremental analysis. On CLI, this is
the new -no-cache flag. On Ant, there is a noCache attribute for the <pmd> task.

On both scenarios, disabling the cache takes precedence over setting a cache location.

New Rules

  • The new Java rule MissingOverride
    (category bestpractices) detects overridden and implemented methods, which are not marked with the
    @Override annotation. Annotating overridden methods with @Override ensures at compile time that
    the method really overrides one, which helps refactoring and clarifies intent.

  • The new Java rule UnnecessaryAnnotationValueElement
    (category codestyle) detects annotations with a single element (value) that explicitely names it.
    That is, doing @SuppressWarnings(value = "unchecked") would be flagged in favor of
    @SuppressWarnings("unchecked").

  • The new Java rule ControlStatementBraces
    (category codestyle) enforces the presence of braces on control statements where they are optional.
    Properties allow to customize which statements are required to have braces. This rule replaces the now
    deprecated rules WhileLoopMustUseBraces, ForLoopMustUseBraces, IfStmtMustUseBraces, and
    IfElseStmtMustUseBraces. More than covering the use cases of those rules, this rule also supports
    do ... while statements and case labels of switch statements (disabled by default).

Modified Rules

  • The Java rule CommentContentRule (java-documentation) previously had the property wordsAreRegex. But this
    property never had been implemented and is removed now.

  • The Java rule UnusedPrivateField (java-bestpractices) now has a new ignoredAnnotations property
    that allows to configure annotations that imply the field should be ignored. By default @java.lang.Deprecated
    and @javafx.fxml.FXML are ignored.

  • The Java rule UnusedPrivateMethod (java-bestpractices) now has a new ignoredAnnotations property
    that allows to configure annotations that imply the method should be ignored. By default @java.lang.Deprecated
    is ignored.

  • The Java rule ImmutableField (java-design) now has a new ignoredAnnotations property
    that allows to configure annotations that imply the method should be ignored. By default several lombok
    annotations are ignored

  • The Java rule SingularField (java-design) now has a new ignoredAnnotations property
    that allows to configure annotations that imply the method should be ignored. By default several lombok
    annotations are ignored

Deprecated Rules

  • The Java rules WhileLoopMustUseBraces, ForLoopMustUseBraces, IfStmtMustUseBraces, and IfElseStmtMustUseBraces
    are deprecated. They will be replaced by the new rule ControlStatementBraces, in the category codestyle.

Fixed Issues

  • all
    • #928: [core] PMD build failure on Windows
  • java-bestpracrtices
    • #907: [java] UnusedPrivateField false-positive with @FXML
    • #963: [java] ArrayIsStoredDirectly not triggered from variadic functions
  • java-codestyle
    • #974: [java] Merge *StmtMustUseBraces rules
    • #983: [java] Detect annotations with single value element
  • java-design
    • #832: [java] AvoidThrowingNullPointerException documentation suggestion
    • #837: [java] CFGs of declared but not called lambdas are treated as parts of an enclosing method's CFG
    • #839: [java] SignatureDeclareThrowsException's IgnoreJUnitCompletely property not honored for constructors
    • #968: [java] UseUtilityClassRule reports false positive with lombok NoArgsConstructor
  • documentation
    • #978: [core] Broken link in CONTRIBUTING.md
    • #992: [core] Include info about rule doc generation in "Writing Documentation" md page

API Changes

  • A new CLI switch, -no-cache, disables incremental analysis and the related suggestion. This overrides the
    -cache option. The corresponding Ant task parameter is noCache.

  • The static method PMDParameters.transformParametersIntoConfiguration(PMDParameters) is now deprecated,
    for removal in 7.0.0. The new instance method PMDParameters.toConfiguration() replaces it.

  • The method ASTConstructorDeclaration.getParameters() has been deprecated in favor of the new method
    getFormalParameters(). This method is available for both ASTConstructorDeclaration and
    ASTMethodDeclaration.

External Contributions

  • #941: [java] Use char notation to represent a character to improve performance - reudismam
  • #943: [java] UnusedPrivateField false-positive with @FXML - BBG
  • #951: [java] Add ignoredAnnotations property to unusedPrivateMethod rule - BBG
  • #952: [java] SignatureDeclareThrowsException's IgnoreJUnitCompletely property not honored for constructors - BBG
  • #958: [java] Refactor how we ignore annotated elements in rules - BBG
  • #965: [java] Make Varargs trigger ArrayIsStoredDirectly - Stephen
  • #967: [doc] Issue 959: fixed broken link to XPath Rule Tutorial - Andrey Mochalov
  • #969: [java] Issue 968 Add logic to handle lombok private constructors with utility classes - Kirk Clemens
  • #970: [java] Fixed inefficient use of keySet iterator instead of entrySet iterator - Andrey Mochalov
  • #984: [java] issue983 Add new UnnecessaryAnnotationValueElement rule - Kirk Clemens
  • #989: [core] Update Contribute.md to close Issue #978 - Bolarinwa Saheed Olayemi
  • #990: [java] Updated Doc on AvoidThrowingNullPointerException to close Issue #832 - Bolarinwa Saheed Olayemi
  • #993: [core] Update writing_documentation.md to fix Issue #992 - Bolarinwa Saheed Olayemi

@pmd-bot pmd-bot released this Feb 25, 2018 · 1666 commits to master since this release

Assets 5

25-February-2018 - 6.1.0

The PMD team is pleased to announce PMD 6.1.0.

This is a minor release.

Table Of Contents

New and noteworthy

Designer UI

The Designer now supports configuring properties for XPath based rule development.
The Designer is still under development and any feedback is welcome.

You can start the designer via run.sh designer or designer.bat.

Fixed Issues

  • all
    • #569: [core] XPath support requires specific toString implementations
    • #795: [cpd] java.lang.OutOfMemoryError
    • #848: [doc] Test failures when building pmd-doc under Windows
    • #872: [core] NullPointerException at FileDataSource.glomName()
    • #854: [ci] Use Java9 for building PMD
  • doc
    • #791: [doc] Documentation site reorganisation
    • #891: [doc] Apex @SuppressWarnings should use single quotes instead of double quotes
    • #909: [doc] Please add new PMD Eclipse Plugin to tool integration section
  • java
    • #825: [java] Excessive*Length ignores too much
    • #888: [java] ParseException occurs with valid '<>' in Java 1.8 mode
    • #920: [java] Update valid identifiers in grammar
  • java-bestpractices
    • #784: [java] ForLoopCanBeForeach false-positive
    • #925: [java] UnusedImports false positive for static import
  • java-design
    • #855: [java] ImmutableField false-positive with lambdas
  • java-documentation
    • #877: [java] CommentRequired valid rule configuration causes PMD error
  • java-errorprone
    • #885: [java] CompareObjectsWithEqualsRule trigger by enum1 != enum2
  • java-performance
    • #541: [java] ConsecutiveLiteralAppends with types other than string
  • scala
    • #853: [scala] Upgrade scala version to support Java 9
  • xml
    • #739: [xml] IllegalAccessException when accessing attribute using Saxon on JRE 9

API Changes

Changes to the Node interface

The method getXPathNodeName is added to the Node interface, which removes the
use of the toString of a node to get its XPath element name (see #569).
A default implementation is provided in AbstractNode, to stay compatible
with existing implementors.

The toString method of a Node is not changed for the time being, and still produces
the name of the XPath node. That behaviour may however change in future major releases,
e.g. to produce a more useful message for debugging.

Changes to CPD renderers

The interface net.sourceforge.pmd.cpd.Renderer has been deprecated. A new interface net.sourceforge.pmd.cpd.renderer.CPDRenderer
has been introduced to replace it. The main difference is that the new interface is meant to render directly to a java.io.Writer
rather than to a String. This allows to greatly reduce the memory footprint of CPD, as on large projects, with many duplications,
it was causing OutOfMemoryErrors (see #795).

net.sourceforge.pmd.cpd.FileReporter has also been deprecated as part of this change, as it's no longer needed.

External Contributions

@pmd-bot pmd-bot released this Jan 21, 2018 · 1830 commits to master since this release

Assets 5

21-January-2018 - 6.0.1

The PMD team is pleased to announce PMD 6.0.1.

This is a bug fixing release.

Table Of Contents

Additional information about the new introduced rule categories

With the release of PMD 6.0.0, all rules have been sorted into one of the following eight categories:

  1. Best Practices: These are rules which enforce generally accepted best practices.
  2. Code Style: These rules enforce a specific coding style.
  3. Design: Rules that help you discover design issues.
  4. Documentation: These rules are related to code documentation.
  5. Error Prone: Rules to detect constructs that are either broken, extremely confusing or prone to runtime errors.
  6. Multithreading: These are rules that flag issues when dealing with multiple threads of execution.
  7. Performance: Rules that flag suboptimal code.
  8. Security: Rules that flag potential security flaws.

Please note, that not every category in every language may have a rule. There might be categories with no
rules at all, such as category/java/security.xml, which has currently no rules.
There are even languages, which only have rules of one category (e.g. category/xml/errorprone.xml).

You can find the information about available rules in the generated rule documentation, available
at https://pmd.github.io/pmd-6.0.1/.

In order to help migrate to the new category scheme, the new name for the old, deprecated rule names will
be logged as a warning. See PR #865. Please note, that the deprecated
rule names will keep working throughout PMD 6. You can upgrade to PMD 6 without the immediate need
to migrate your current ruleset. That backwards compatibility will be maintained until PMD 7.0.0 is released.

Fixed Issues

  • all
    • #842: [core] Use correct java bootclasspath for compiling
  • apex-errorprone
    • #792: [apex] AvoidDirectAccessTriggerMap incorrectly detects array access in classes
  • apex-security
    • #788: [apex] Method chaining breaks ApexCRUDViolation
  • doc
    • #782: [doc] Wrong information in the Release Notes about the Security ruleset
    • #794: [doc] Broken documentation links for 6.0.0
  • java
    • #793: [java] Parser error with private method in nested classes in interfaces
    • #814: [java] UnsupportedClassVersionError is failure instead of a warning
    • #831: [java] StackOverflow in JavaTypeDefinitionSimple.toString
  • java-bestpractices
    • #783: [java] GuardLogStatement regression
    • #800: [java] ForLoopCanBeForeach NPE when looping on this object
  • java-codestyle
    • #817: [java] UnnecessaryModifierRule crashes on valid code
  • java-design
    • #785: [java] NPE in DataClass rule
    • #812: [java] Exception applying rule DataClass
    • #827: [java] GodClass crashes with java.lang.NullPointerException
  • java-performance
    • #841: [java] InsufficientStringBufferDeclaration NumberFormatException
  • java-typeresolution
    • #866: [java] rulesets/java/typeresolution.xml lists non-existent rules

API Changes

  • The constant net.sourceforge.pmd.PMD.VERSION has been deprecated and will be removed with PMD 7.0.0.
    Please use net.sourceforge.pmd.PMDVersion.VERSION instead.

External Contributions