Skip to content
@github-actions github-actions
pmd_releases/6.47.0
This tag was signed with the committer’s verified signature.
adangel Andreas Dangel
GPG key ID: 93450DF2DF9A3FA3
Learn about vigilant mode.
07eb3d2
This commit was signed with the committer’s verified signature.
adangel Andreas Dangel
GPG key ID: 93450DF2DF9A3FA3
Learn about vigilant mode.
Compare
Choose a tag to compare

PMD 6.47.0 (25-June-2022)

Latest
Latest

25-June-2022 - 6.47.0

The PMD team is pleased to announce PMD 6.47.0.

This is a minor release.

Table Of Contents

Fixed Issues

  • core
    • #3999: [cli] All files are analyzed despite parameter --file-list
    • #4009: [core] Cannot build PMD with Temurin 17
  • java-bestpractices
    • #3824: [java] UnusedPrivateField: Do not flag fields annotated with @Version
    • #3825: [java] UnusedPrivateField: Do not flag fields annotated with @Id or @EmbeddedId
  • java-design
    • #3823: [java] ImmutableField: Do not flag fields in @Entity
    • #3981: [java] ImmutableField reports fields annotated with @Value (Spring)
    • #3998: [java] ImmutableField reports fields annotated with @Captor (Mockito)
    • #4004: [java] ImmutableField reports fields annotated with @GwtMock (GwtMockito) and @Spy (Mockito)
    • #4008: [java] ImmutableField not reporting fields that are only initialized in the declaration
    • #4011: [java] ImmutableField: Do not flag fields annotated with @Inject
    • #4020: [java] ImmutableField reports fields annotated with @FindBy and @FindBys (Selenium)
  • java-errorprone
    • #3936: [java] AvoidFieldNameMatchingMethodName should consider enum class
    • #3937: [java] AvoidDuplicateLiterals - uncompilable test cases

API Changes

No changes.

External Contributions

  • #3985: [java] Fix false negative problem about Enum in AvoidFieldNameMatchingMethodName #3936 - @Scrsloota
  • #3993: [java] AvoidDuplicateLiterals - Add the method "buz" definition to test cases - @dalizi007
  • #4002: [java] ImmutableField - Ignore fields annotated with @Value (Spring) or @Captor (Mockito) - @jjlharrison
  • #4003: [java] UnusedPrivateField - Ignore fields annotated with @Id/@EmbeddedId/@Version (JPA) or @Mock/@Spy/@MockBean (Mockito/Spring) - @jjlharrison
  • #4006: [doc] Fix eclipse plugin update site URL - @shiomiyan
  • #4010: [core] Bump kotlin to version 1.7.0 - @maikelsteneker

Stats

  • 45 commits
  • 23 closed tickets & PRs
  • Days since last release: 27

Contributors

Scrsloota, dalizi007, and 3 other contributors

Assets

5
@github-actions github-actions
pmd_releases/6.46.0
This tag was signed with the committer’s verified signature.
adangel Andreas Dangel
GPG key ID: 93450DF2DF9A3FA3
Learn about vigilant mode.
a75acde
This commit was signed with the committer’s verified signature.
adangel Andreas Dangel
GPG key ID: 93450DF2DF9A3FA3
Learn about vigilant mode.
Compare
Choose a tag to compare

PMD 6.46.0 (28-May-2022)

28-May-2022 - 6.46.0

The PMD team is pleased to announce PMD 6.46.0.

This is a minor release.

Table Of Contents

New and noteworthy

CLI improvements

The PMD CLI now allows repeating the --dir (-d) and --rulesets (-R) options,
as well as providing several space-separated arguments to either of them. For instance:

pmd -d src/main/java src/test/java -R rset1.xml -R rset2.xml

This also allows globs to be used on the CLI if your shell supports shell expansion.
For instance, the above can be written

pmd -d src/*/java -R rset*.xml

Please use theses new forms instead of using comma-separated lists as argument to these options.

C# Improvements

When executing CPD on C# sources, the option --ignore-annotations is now supported as well.
It ignores C# attributes when detecting duplicated code. This option can also be enabled via
the CPD GUI. See #3974 for details.

New Rules

This release ships with 2 new Java rules.

  • EmptyControlStatement reports many instances of empty things, e.g. control statements whose
    body is empty, as well as empty initializers.

    EmptyControlStatement also works for empty for and do loops, while there were previously
    no corresponding rules.

    This new rule replaces the rules EmptyFinallyBlock, EmptyIfStmt, EmptyInitializer, EmptyStatementBlock,
    EmptySwitchStatements, EmptySynchronizedBlock, EmptyTryBlock, and EmptyWhileStmt.

<rule ref="category/java/codestyle.xml/EmptyControlStatement"/>

The rule is part of the quickstart.xml ruleset.

  • UnnecessarySemicolon reports semicolons that are unnecessary (so called "empty statements"
    and "empty declarations").

    This new rule replaces the rule EmptyStatementNotInLoop.

<rule ref="category/java/codestyle.xml/UnnecessarySemicolon"/>

The rule is part of the quickstart.xml ruleset.

Deprecated Rules

Fixed Issues

  • cli
    • #1445: [core] Allow CLI to take globs as parameters
  • core
    • #2352: [core] Deprecate <lang>-<ruleset> hyphen notation for ruleset references
    • #3787: [core] Internalize some methods in Ant Formatter
    • #3835: [core] Deprecate system properties of CPDCommandLineInterface
    • #3942: [core] common-io path traversal vulnerability (CVE-2021-29425)
  • cs (c#)
    • #3974: [cs] Add option to ignore C# attributes (annotations)
  • go
    • #2752: [go] Error parsing unicode values
  • html
    • #3955: [html] Improvements for handling text and comment nodes
    • #3978: [html] Add additional file extensions htm, xhtml, xht, shtml
  • java
    • #3423: [java] Error processing identifiers with Unicode
  • java-bestpractices
    • #3954: [java] NPE in UseCollectionIsEmptyRule when .size() is called in a record
  • java-design
    • #3874: [java] ImmutableField reports fields annotated with @Autowired (Spring) and @mock (Mockito)
  • java-errorprone
    • #3096: [java] EmptyStatementNotInLoop FP in 6.30.0 with IfStatement
  • java-performance
    • #3379: [java] UseArraysAsList must ignore primitive arrays
    • #3965: [java] UseArraysAsList false positive with non-trivial loops
  • javascript
    • #2605: [js] Support unicode characters
    • #3948: [js] Invalid operator error for method property in object literal
  • python
    • #2604: [python] Support unicode identifiers

API Changes

Deprecated ruleset references

Ruleset references with the following formats are now deprecated and will produce a warning
when used on the CLI or in a ruleset XML file:

  • <lang-name>-<ruleset-name>, eg java-basic, which resolves to rulesets/java/basic.xml
  • the internal release number, eg 600, which resolves to rulesets/releases/600.xml

Use the explicit forms of these references to be compatible with PMD 7.

Deprecated API

  • toString is now deprecated. The format of this
    method will remain the same until PMD 7. The deprecation is intended to steer users
    away from relying on this format, as it may be changed in PMD 7.
  • getInputPaths and
    setInputPaths are now deprecated.
    A new set of methods have been added, which use lists and do not rely on comma splitting.

Internal API

Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi annotation. You'll also get a deprecation warning.

External Contributions

Stats

  • 92 commits
  • 30 closed tickets & PRs
  • Days since last release: 28

Contributors

Autowired, mock, and 3 other contributors

Assets

5
@github-actions github-actions
pmd_releases/6.45.0
1d2b40b
This commit was signed with the committer’s verified signature.
adangel Andreas Dangel
GPG key ID: 93450DF2DF9A3FA3
Learn about vigilant mode.
Compare
Choose a tag to compare

PMD 6.45.0 (30-April-2022)

30-April-2022 - 6.45.0

The PMD team is pleased to announce PMD 6.45.0.

This is a minor release.

Table Of Contents

New and noteworthy

PMD User Survey

Help shape the future of PMD by telling us how you use it.

Our little survey is still open in case you didn't participate yet.
Please participate in our survey at https://forms.gle/4d8r1a1RDzfixHDc7.

Thank you!

Support for HTML

This version of PMD ships a new language module to support analyzing of HTML.
Support for HTML is experimental and might change without notice.
The language implementation is not complete yet and the AST doesn't look
well for text nodes and comment nodes and might be changed in the future.
You can write your own rules, but we don't guarantee that the rules work with
the next (minor) version of PMD without adjustments.

Please give us feedback about how practical this new language is in
discussions. Please report
missing features or bugs as new issues.

New rules

  • The HTML rule AvoidInlineStyles finds elements which use a style attribute.
    In order to help maintaining a webpage it is considered good practice to separate content and styles. Instead
    of inline styles one should use CSS files and classes.
    <rule ref="category/html/bestpractices.xml/AvoidInlineStyles" />
  • The HTML rule UnnecessaryTypeAttribute finds "link" and "script" elements which
    still have a "type" attribute. This is not necessary anymore since modern browsers automatically use CSS and
    JavaScript.
      <rule ref="category/html/bestpractices.xml/UnnecessaryTypeAttribute" />
  • The HTML rule UseAltAttributeForImages finds "img" elements without an "alt"
    attribute. An alternate text should always be provided in order to help screen readers.
      <rule ref="category/html/bestpractices.xml/UseAltAttributeForImages" />

Modified rules

  • The Java rule UnusedPrivateField has a new property ignoredFieldNames.
    The default ignores serialization-specific fields (eg serialVersionUID).
    The property can be used to ignore more fields based on their name.
    Note that the rule used to ignore fields named IDENT, but doesn't anymore (add this value to the property to restore the old behaviour).

Fixed Issues

  • core
    • #3792: [core] Allow to filter violations in Report
    • #3881: [core] SARIF renderer depends on platform default encoding
    • #3882: [core] Fix AssertionError about exhaustive switch
    • #3884: [core] XML report via ant task contains XML header twice
    • #3896: [core] Fix ast-dump CLI when reading from stdin
  • doc
    • #2505: [doc] Improve side bar to show release date
  • java
    • #3068: [java] Some tests should not depend on real rules
    • #3889: [java] Catch LinkageError in UselessOverridingMethodRule
  • java-bestpractices
    • #3910: [java] UnusedPrivateField - Allow the ignored fieldnames to be configurable
    • #1185: [java] ArrayIsStoredDirectly false positive with field access
    • #1474: [java] ArrayIsStoredDirectly false positive with method call
    • #3879 [java] ArrayIsStoredDirectly reports duplicated violation
    • #3929: [java] ArrayIsStoredDirectly should report the assignment rather than formal parameter
  • java-design
    • #3603: [java] SimplifiedTernary: no violation for 'condition ? true : false' case
  • java-performance
    • #3867: [java] UseArraysAsList with method call
  • plsql
    • #3687: [plsql] Parsing exception EXECUTE IMMEDIATE l_sql BULK COLLECT INTO statement
    • #3706: [plsql] Parsing exception CURSOR statement with parenthesis groupings

API Changes

Experimental APIs

  • Report has two new methods which allow limited mutations of a given report:
    • Report#filterViolations creates a new report with
      some violations removed with a given predicate based filter.
    • Report#union can combine two reports into a single new Report.
  • net.sourceforge.pmd.util.Predicate will be replaced in PMD7 with the standard Predicate interface from java8.
  • The module pmd-html is entirely experimental right now. Anything in the package
    net.sourceforge.pmd.lang.html should be used cautiously.

External Contributions

Stats

  • 97 commits
  • 31 closed tickets & PRs
  • Days since last release: 33

Contributors

jasonqiu98, laoseth, and 4 other contributors

Assets

5
@github-actions github-actions
pmd_releases/6.44.0
6859f8d
This commit was signed with the committer’s verified signature.
adangel Andreas Dangel
GPG key ID: 93450DF2DF9A3FA3
Learn about vigilant mode.
Compare
Choose a tag to compare

PMD 6.44.0 (27-March-2022)

27-March-2022 - 6.44.0

The PMD team is pleased to announce PMD 6.44.0.

This is a minor release.

Table Of Contents

New and noteworthy

PMD User Survey

Help shape the future of PMD by telling us how you use it.

Please participate in our survey at https://forms.gle/4d8r1a1RDzfixHDc7.

Thank you!

Java 18 Support

This release of PMD brings support for Java 18. There are no new standard language features.

PMD also supports JEP 420: Pattern Matching for switch (Second Preview) as a preview language feature. In order to analyze a project with PMD that uses these language features, you'll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language version 18-preview:

export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 18-preview ...

Note: Support for Java 16 preview language features have been removed. The version "16-preview" is no longer available.

Better XML XPath support

The new rule class DomXPathRule is intended to replace usage of the XPathRule for XML rules. This rule executes the XPath query in a different way, which sticks to the XPath specification. This means the expression is interpreted the same way in PMD as in all other XPath development tools that stick to the standard. You can for instance test the expression in an online XPath editor.

Prefer using this class to define XPath rules: replace the value of the class attribute with net.sourceforge.pmd.lang.xml.rule.DomXPathRule like so:

<rule name="MyXPathRule"
      language="xml"
      message="A message"
      class="net.sourceforge.pmd.lang.xml.rule.DomXPathRule">

      <properties>
        <property name="xpath">
            <value><![CDATA[
            /a/b/c[@attr = "5"]
            ]]></value>
        </property>
        <!-- Note: the property "version" is ignored, remove it. The query is XPath 2. -->
      </properties>
</rule>

The rule is more powerful than XPathRule, as it can now handle XML namespaces, comments and processing instructions. Please refer to the Javadoc of DomXPathRule for information about the differences with XPathRule and examples.

XPathRule is still perfectly supported for all other languages, including Apex and Java.

New XPath functions

The new XPath functions pmd:startLine, pmd:endLine, pmd:startColumn, and pmd:endColumn are now available in XPath rules for all languages. They replace the node attributes @BeginLine, @EndLine and such. These attributes will be deprecated in a future release.

Please refer to the documentation of these functions for more information, including usage samples.

Note that the function pmd:endColumn returns an exclusive index, while the attribute @EndColumn is inclusive. This is for forward compatibility with PMD 7, which uses exclusive end indices.

New programmatic API

This release introduces a new programmatic API to replace the inflexible PMD class.
Programmatic execution of PMD should now be done with a PMDConfiguration and a PmdAnalysis, for instance:

PMDConfiguration config = new PMDConfiguration();
config.setDefaultLanguageVersion(LanguageRegistry.findLanguageByTerseName("java").getVersion("11"));
config.setInputPaths("src/main/java");
config.prependAuxClasspath("target/classes");
config.setMinimumPriority(RulePriority.HIGH);
config.addRuleSet("rulesets/java/quickstart.xml");
config.setReportFormat("xml");
config.setReportFile("target/pmd-report.xml");

try (PmdAnalysis pmd = PmdAnalysis.create(config)) {
    // note: don't use `config` once a PmdAnalysis has been created.
    // optional: add more rulesets
    pmd.addRuleSet(pmd.newRuleSetLoader().loadFromResource("custom-ruleset.xml"));
    // optional: add more files
    pmd.files().addFile(Paths.get("src", "main", "more-java", "ExtraSource.java"));
    // optional: add more renderers
    pmd.addRenderer(renderer);

    // or just call PMD
    pmd.performAnalysis();
}

The PMD class still supports methods related to CLI execution: runPmd and main. All other members are now deprecated for removal. The CLI itself remains compatible, if you run PMD via command-line, no action is required on your part.

Fixed Issues

  • apex
    • #3817: [apex] Add designer bindings to display main attributes
  • apex-performance
    • #3773: [apex] EagerlyLoadedDescribeSObjectResult false positives with SObjectField.getDescribe()
  • core
    • #2693: [ci] Add integration tests with real open-source projects
    • #3299: [core] Deprecate system properties of PMDCommandLineInterface
  • java
    • #3809: [java] Support JDK 18
  • doc
    • #2504: [doc] Improve "Edit me on github" button
    • #3812: [doc] Documentation website table of contents broken on pages with many subheadings
  • java-design
    • #3850: [java] ImmutableField - false negative when field assigned in constructor conditionally
    • #3851: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal - false negative when a compilation unit contains two class declarations
  • xml
    • #2766: [xml] XMLNS prefix is not pre-declared in xpath query
    • #3863: [xml] Make XPath rules work exactly as in the XPath spec

API Changes

Deprecated API

Experimental APIs

External Contributions

  • #3773: [apex] EagerlyLoadedDescribeSObjectResult false positives with SObjectField.getDescribe() - @filiprafalowicz
  • #3811: [doc] Improve "Edit me on github" button - @btjiong
  • #3836: [doc] Make TOC scrollable when too many subheadings - @JerritEic

Stats

  • 124 commits
  • 23 closed tickets & PRs
  • Days since last release: 29

Assets

5
@github-actions github-actions
pmd_releases/6.43.0
dd0ee61
This commit was signed with the committer’s verified signature.
adangel Andreas Dangel
GPG key ID: 93450DF2DF9A3FA3
Learn about vigilant mode.
Compare
Choose a tag to compare

PMD 6.43.0 (26-February-2022)

26-February-2022 - 6.43.0

The PMD team is pleased to announce PMD 6.43.0.

This is a minor release.

Table Of Contents

New and noteworthy

Fixed Issues

  • core
    • #3427: [core] Stop printing CLI usage text when exiting due to invalid parameters
    • #3768: [core] SARIF formatter reports multiple locations when it should report multiple results
  • doc
    • #2502: [doc] Add floating table-of-contents (toc) on the right
    • #3807: [doc] Document Ant Task parameter threads
  • java
    • #3698: [java] Parsing error with try-with-resources and qualified resource
  • java-bestpractices
    • #3605: [java] SwitchStmtsShouldHaveDefault triggered when default case is present
  • java-codestyle
    • #278: [java] ConfusingTernary should treat != null as positive condition
  • java-performance
    • #3374: [java] UseStringBufferForStringAppends: Wrong example in documentation
  • misc
    • #3759: [lang-test] Upgrade dokka maven plugin to 1.4.32
  • plsql
    • #3746: [plsql] Parsing exception "Less than or equal to/Greater than or equal to" operators in DML statements

API Changes

Deprecated API

Some API deprecations were performed in core PMD classes, to improve compatibility with PMD 7.

  • Report: the constructor and other construction methods like addViolation or createReport
  • RuleContext: all constructors, getters and setters. A new set
    of stable methods, matching those in PMD 7, was added to replace the addViolation
    overloads of AbstractRule. In PMD 7, RuleContext will
    be the API to report violations, and it can already be used as such in PMD 6.
  • The field configuration is unused and will be removed.

Internal API

Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi annotation. You'll also get a deprecation warning.

Changed API

It is now forbidden to report a violation:

  • With a null node
  • With a null message
  • With a null set of format arguments (prefer a zero-length array)

Note that the message is set from the XML rule declaration, so this is only relevant
if you instantiate rules manually.

RuleContext now requires setting the current rule before calling
apply. This is
done automatically by RuleSet#apply and such. Creating and configuring a
RuleContext manually is strongly advised against, as the lifecycle of RuleContext
will change drastically in PMD 7.

External Contributions

Stats

  • 49 commits
  • 22 closed tickets & PRs
  • Days since last release: 27

Assets

5
@github-actions github-actions
pmd_releases/6.42.0
391c325
This commit was signed with the committer’s verified signature.
adangel Andreas Dangel
GPG key ID: 93450DF2DF9A3FA3
Learn about vigilant mode.
Compare
Choose a tag to compare

PMD 6.42.0 (29-January-2022)

29-January-2022 - 6.42.0

The PMD team is pleased to announce PMD 6.42.0.

This is a minor release.

Table Of Contents

New and noteworthy

Javascript: Rhino updated to latest version 1.7.14

Rhino, the implementation of JavaScript we use
for parsing JavaScript code, has been updated to the latest version 1.7.14.
Now language features like template strings can be parsed. However Rhino does
not support all features of the latest EcmaScript standard.

New rules

  • The new Java rule FinalParameterInAbstractMethod detects parameters that are
    declared as final in interfaces or abstract methods. Declaring the parameters as final is useless
    because the implementation may choose to not respect it.
    <rule ref="category/java/codestyle.xml/FinalParameterInAbstractMethod" />

The rule is part of the quickstart.xml ruleset.

Modified rules

  • The Apex rule ApexDoc has a new property reportProperty.
    If set to false (default is true if unspecified) doesn't report missing ApexDoc comments on properties.
    It allows you to enforce ApexDoc comments for classes and methods without requiring them for properties.

Fixed Issues

  • core
    • #3328: [core] designer.bat errors when JAVAFX_HOME contains spaces
  • java
    • #3698: [java] Error resolving Symbol Table
  • java-bestpractices
    • #3209: [java] UnusedPrivateMethod false positive with static method and cast expression
    • #3468: [java] UnusedPrivateMethod false positive when outer class calls private static method on inner class
  • java-design
    • #3679: [java] Make FinalFieldCouldBeStatic detect constant variable
  • java-errorprone
    • #3644: [java] InvalidLogMessageFormat: false positives with logstash structured logging
    • #3686: [java] ReturnEmptyCollectionRatherThanNull - false negative with conditioned returns
    • #3701: [java] MissingStaticMethodInNonInstantiatableClass false positive with method inner classes
    • #3721: [java] ReturnEmptyCollectionRatherThanNull - false positive with stream and lambda
  • java-performance
    • #3492: [java] UselessStringValueOf: False positive when there is no initial String to append to
    • #3639: [java] UseStringBufferLength: false negative with empty string variable
    • #3712: [java] InsufficientStringBufferDeclaration false positive with StringBuilder.setLength(0)
  • javascript
    • #3703: [javascript] Error - no Node adapter class registered for XmlPropRef

API Changes

No changes.

External Contributions

Stats

  • 88 commits
  • 35 closed tickets & PRs
  • Days since last release: 62

Assets

5
@github-actions github-actions
pmd_releases/6.41.0
ac68de1
This commit was signed with the committer’s verified signature.
adangel Andreas Dangel
GPG key ID: 93450DF2DF9A3FA3
Learn about vigilant mode.
Compare
Choose a tag to compare

PMD 6.41.0 (27-November-2021)

27-November-2021 - 6.41.0

The PMD team is pleased to announce PMD 6.41.0.

This is a minor release.

Table Of Contents

New and noteworthy

GitHub Action for PMD

PMD now has its own official GitHub Action: GitHub Action for PMD.
It can execute PMD with your own ruleset against your project. It creates a SARIF
report which is uploaded as a build artifact. Furthermore the build can be failed based on the number of violations.

Feedback and pull requests are welcome at https://github.com/pmd/pmd-github-action.

Last release in 2021

This minor release will be the last one in 2021. The next release is scheduled to be end of January 2022.

Fixed Issues

  • core
    • #2954: Create GitHub Action for PMD
    • #3424: [core] Migrate CLI to using GNU-style long options
    • #3425: [core] Add a --version CLI option
    • #3593: [core] Ant task fails with Java17
    • #3635: [ci] Update sample projects for regression tester
  • java-bestpractices
    • #3595: [java] PrimitiveWrapperInstantiation: no violation on 'new Boolean(val)'
    • #3613: [java] ArrayIsStoredDirectly doesn't consider nested classes
    • #3614: [java] JUnitTestsShouldIncludeAssert doesn't consider nested classes
    • #3618: [java] UnusedFormalParameter doesn't consider anonymous classes
    • #3630: [java] MethodReturnsInternalArray doesn't consider anonymous classes
  • java-design
    • #3620: [java] SingularField doesn't consider anonymous classes defined in non-private fields
  • java-errorprone
    • #3624: [java] TestClassWithoutTestCases reports wrong classes in a file
  • java-performance
    • #3491: [java] UselessStringValueOf: False positive when valueOf(char [], int, int) is used

API Changes

Command Line Interface

The command line options for PMD and CPD now use GNU-syle long options format. E.g. instead of -rulesets the
preferred usage is now --rulesets. Alternatively one can still use the short option -R.
Some options also have been renamed to a more consistent casing pattern at the same time
(--fail-on-violation instead of -failOnViolation).
The old single-dash options are still supported but are deprecated and will be removed with PMD 7.
This change makes the command line interface more consistent within PMD and also less surprising
compared to other cli tools.

The changes in detail for PMD:

old option new option
-rulesets --rulesets (or -R)
-uri --uri
-dir --dir (or -d)
-filelist --file-list
-ignorelist --ignore-list
-format --format (or -f)
-debug --debug
-verbose --verbose
-help --help
-encoding --encoding
-threads --threads
-benchmark --benchmark
-stress --stress
-shortnames --short-names
-showsuppressed --show-suppressed
-suppressmarker --suppress-marker
-minimumpriority --minimum-priority
-property --property
-reportfile --report-file
-force-language --force-language
-auxclasspath --aux-classpath
-failOnViolation --fail-on-violation
--failOnViolation --fail-on-violation
-norulesetcompatibility --no-ruleset-compatibility
-cache --cache
-no-cache --no-cache

The changes in detail for CPD:

old option new option
--failOnViolation --fail-on-violation
-failOnViolation --fail-on-violation
--filelist --file-list

External Contributions

Stats

  • 80 commits
  • 23 closed tickets & PRs
  • Days since last release: 28

Assets

5
@github-actions github-actions
pmd_releases/6.40.0
be09a31
This commit was signed with the committer’s verified signature.
adangel Andreas Dangel
GPG key ID: 93450DF2DF9A3FA3
Learn about vigilant mode.
Compare
Choose a tag to compare

PMD 6.40.0 (30-October-2021)

30-October-2021 - 6.40.0

The PMD team is pleased to announce PMD 6.40.0.

This is a minor release.

Table Of Contents

New and noteworthy

Updated Apex Support

  • The Apex language support has been bumped to version 54.0 (Spring '22).

New rules

    <rule ref="category/apex/performance.xml/EagerlyLoadedDescribeSObjectResult" />

Modified rules

  • The Apex rule ApexUnitTestClassShouldHaveAsserts has a new property
    additionalAssertMethodPattern. When specified the pattern is evaluated against each invoked
    method name to determine whether it represents a test assertion in addition to the standard names.

  • The Apex rule ApexDoc has a new property reportMissingDescription.
    If set to false (default is true if unspecified) doesn't report an issue if the @description
    tag is missing. This is consistent with the ApexDoc dialect supported by derivatives such as
    SfApexDoc and also with analogous documentation tools for
    other languages, e.g., JavaDoc, ESDoc/JSDoc, etc.

  • The Apex rule ApexCRUDViolation has a couple of new properties:
    These allow specification of regular-expression-based patterns for additional methods that should
    be considered valid for pre-CRUD authorization beyond those offered by the system Apex checks and
    ESAPI, e.g., sirono-common's AuthorizationUtil class.
    Two new properties have been added per-CRUD operation, one to specify the naming pattern for a method
    that authorizes that operation and another to specify the argument passed to that method that contains
    the SObjectType instance of the type being authorized. Here is an example of these new properties:

    <rule ref="category/apex/security.xml/ApexCRUDViolation" message="...">
  <priority>3</priority>
  <properties>
    <property name="createAuthMethodPattern" value="AuthorizationUtil\.(is|assert)(Createable|Upsertable)"/>
    <!--
     There's one of these properties for each operation, and the default value is 0 so this is technically
     superfluous, but it's included it here for example purposes.
     -->
    <property name="createAuthMethodTypeParamIndex" value="0"/>
    <property name="readAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Accessible"/>
    <property name="updateAuthMethodPattern" value="AuthorizationUtil\.(is|assert)(Updateable|Upsertable)"/>
    <property name="deleteAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Deletable"/>
    <property name="undeleteAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Undeletable"/>
    <property name="mergeAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Mergeable"/>
  </properties>
</rule>

  • The Apex rule EmptyStatementBlock has two new properties:

    Setting reportEmptyPrivateNoArgConstructor to false ignores empty private no-arg constructors
    that are commonly used in singleton pattern implementations and utility classes in support of
    prescribed best practices.

    Setting reportEmptyVirtualMethod to false ignores empty virtual methods that are commonly used in
    abstract base classes as default no-op implementations when derived classes typically only override a
    subset of virtual methods.

    By default, both properties are true to not change the default behaviour of this rule.

  • The Apex rule EmptyCatchBlock has two new properties modeled after the analgous Java rule:

    The allowCommentedBlocks property, when set to true (defaults to false), ignores empty blocks containing comments, e.g.:

    try {
    doSomethingThatThrowsAnExpectedException();
    System.assert(false, 'Expected to catch an exception.');
} catch (Exception e) {
    // Expected
}

    The allowExceptionNameRegex property is a regular expression for exception variable names for which empty catch blocks should be ignored by this rule. For example, using the default property value of ^(ignored|expected)$, the following empty catch blocks will not be reported:

    try {
    doSomethingThatThrowsAnExpectedException();
    System.assert(false, 'Expected to catch an exception.');
} catch (IllegalStateException ignored) {
} catch (NumberFormatException expected) {
}

  • The Apex rule OneDeclarationPerLine has a new property reportInForLoopInitializer:
    If set to false (default is true if unspecified) doesn't report an issue for multiple declarations in
    a for loop's initializer section. This is support the common idiom of one declaration for the loop variable
    and another for the loop bounds condition, e.g.,

    for (Integer i = 0, numIterations = computeNumIterations(); i < numIterations; i++) {
}

  • The Java rule ClassNamingConventions uses a different default value of the
    property utilityClassPattern: This rule was detecting utility classes by default since PMD 6.3.0
    and enforcing the naming convention that utility classes has to be suffixed with Util or Helper or Constants.
    However this turned out to be not so useful as a default configuration, as there is no standard
    naming convention for utility classes.

    With PMD 6.40.0, the default value of this property has been changed to [A-Z][a-zA-Z0-9]*
    (Pascal case), effectively disabling the special handling of utility classes. This is the same default
    pattern used for concrete classes.

    This means, that the feature to enforce a naming convention for utility classes is now a opt-in
    feature and can be enabled on demand.

    To use the old behaviour, the property needs to be configured as follows:

    <rule ref="category/java/codestyle.xml/ClassNamingConventions">
    <properties>
        <property name="utilityClassPattern" value="[A-Z][a-zA-Z0-9]+(Utils?|Helper|Constants)" />
    </properties>
</rule>

Fixed Issues

  • apex
    • #1089: [apex] ApexUnitTestClassShouldHaveAsserts: Test asserts in other methods not detected
    • #1090: [apex] ApexCRUDViolation: checks not detected if done in another method
    • #3532: [apex] Promote usage of consistent getDescribe() info
    • #3566: [apex] ApexDoc rule should not require "@description"
    • #3568: [apex] EmptyStatementBlock: should provide options to ignore empty private constructors and empty virtual methods
    • #3569: [apex] EmptyCatchBlock: should provide an option to ignore empty catch blocks in test methods
    • #3570: [apex] OneDeclarationPerLine: should provide an option to ignore multiple declarations in a for loop initializer
    • #3576: [apex] ApexCRUDViolation should provide an option to specify additional patterns for methods that encapsulate authorization checks
    • #3579: [apex] ApexCRUDViolation: false negative with undelete
  • java-bestpractices
    • #3542: [java] MissingOverride: False negative for enum method
  • java-codestyle
    • #1595: [java] Discuss default for utility classes in ClassNamingConventions
    • #3563: [java] The ClassNamingConventionsRule false-positive's on the class name "Constants"
  • java-errorprone
    • #3560: [java] InvalidLogMessageFormat: False positive with message and exception in a block inside a lambda
  • java-performance
    • #2364: [java] AddEmptyString false positive in annotation value
  • java-security
    • #3368: [java] HardcodedCryptoKey false negative with variable assignments

API Changes

Experimental APIs

  • The interface ASTCommentContainer has been added to the Apex AST.
    It provides a way to check whether a node contains at least one comment. Currently this is only implemented for
    ASTCatchBlockStatement and used by the rule
    EmptyCatchBlock.
    This information is also available via XPath attribute @ContainsComment.

External Contributions

  • #3538: [apex] New rule EagerlyLoadedDescribeSObjectResult - Jonathan Wiesel
  • #3549: [java] Ignore AddEmptyString rule in annotations - Stanislav Myachenkov
  • #3561: [java] InvalidLogMessageFormat: False positive with message and exception in a block inside a lambda - Nicolas Filotto
  • #3565: [doc] Fix resource leak due to Files.walk - lujiefsi
  • #3571: [apex] Fix for #1089 - Added new configuration property additionalAssertMethodPattern to ApexUnitTestClassShouldHaveAssertsRule - Scott Wells
  • #3572: [apex] Fix for #3566 - Added new configuration property reportMissingDescription to ApexDocRule - Scott Wells
  • #3573: [apex] Fix for #3568 - Added new configuration properties reportEmptyPrivateNoArgConstructor and reportEmptyVirtualMethod to EmptyStatementBlock - Scott Wells
  • #3574: [apex] Fix for #3569 - Added new configuration properties allowCommentedBlocks and allowExceptionNameRegex to EmptyCatchBlock - Scott Wells
  • #3575: [apex] Fix for #3570 - Added new configuration property reportInForLoopInitializer to OneDeclarationPerLine - Scott Wells
  • #3577: [apex] Fix for #3576 - Added new configuration properties *AuthMethodPattern and *AuthMethodTypeParamIndex to ApexCRUDViolation rule - Scott Wells
  • #3578: [apex] ApexCRUDViolation: Documentation changes for #3576 - Scott Wells
  • #3580: [doc] Release notes updates for the changes in issue #3569 - Scott Wells
  • #3581: [apex] #3569 - Requested changes for code review feedback - Scott Wells

Stats

  • 72 commits
  • 37 closed tickets & PRs
  • Days since last release: 34

Contributors

description

Assets

5
@pmd-bot pmd-bot
pmd_releases/6.39.0
90b051b
This commit was signed with the committer’s verified signature.
adangel Andreas Dangel
GPG key ID: 93450DF2DF9A3FA3
Learn about vigilant mode.
Compare
Choose a tag to compare

PMD 6.39.0 (25-September-2021)

25-September-2021 - 6.39.0

The PMD team is pleased to announce PMD 6.39.0.

This is a minor release.

Table Of Contents

New and noteworthy

All Contributors

PMD follows the All Contributors specification.
Contributions of any kind welcome!

See credits for our complete contributors list.

Fixed Issues

  • core
    • #3499: [core] Fix XPath rulechain with combined node tests
  • java-errorprone
    • #3493: [java] AvoidAccessibilityAlteration: add tests and fix rule
  • javascript
    • #3516: [javascript] NPE while creating rule violation when specifying explicit line numbers
  • plsql
    • #3487: [plsql] Parsing exception OPEN ref_cursor_name FOR statement
    • #3515: [plsql] Parsing exception SELECT...INTO on Associative Arrays Types

API Changes

No changes.

External Contributions

  • #3516: [javascript] NPE while creating rule violation when specifying explicit line numbers - Kevin Guerra

Stats

  • 37 commits
  • 10 closed tickets & PRs
  • Days since last release: 27

Assets

5
@pmd-bot pmd-bot
pmd_releases/6.38.0
7d11a02
This commit was signed with the committer’s verified signature.
adangel Andreas Dangel
GPG key ID: 93450DF2DF9A3FA3
Learn about vigilant mode.
Compare
Choose a tag to compare

PMD 6.38.0 (28-August-2021)

28-August-2021 - 6.38.0

The PMD team is pleased to announce PMD 6.38.0.

This is a minor release.

Table Of Contents

Fixed Issues

  • apex
    • #3462: [apex] SOQL performed in a for-each loop doesn't trigger ApexCRUDViolationRule
    • #3484: [apex] ApexCRUDViolationRule maintains state across files
  • core
    • #3446: [core] Allow XPath rules to access the current file name
  • java-bestpractices
    • #3403: [java] MethodNamingConventions junit5TestPattern does not detect parameterized tests

External Contributions

Stats

  • 32 commits
  • 8 closed tickets & PRs
  • Days since last release: 27

Assets

5