github SonarSource/sonar-java 6.10.0.24201

Release Notes - SonarJava - Version 6.10

Bug



  • [SONARJAVA-3056] - Classes for the analysis are loaded with parent first strategy

  • [SONARJAVA-3602] - JavaCheckVerifier does not support consistent behavior when having multiple issues reported on the same line

New Feature



  • [SONARJAVA-3550] - Rule S5994: Regex patterns following a possessive quantifier should not always fail

  • [SONARJAVA-3552] - Rule S5996: Regex boundaries should not be used in a way that can never match

  • [SONARJAVA-3554] - Rule S5998: Regular expressions should not overflow the stack

  • [SONARJAVA-3557] - Rule S6001: Back references in regular expressions should only refer to capturing groups that are matched before the reference

  • [SONARJAVA-3560] - Rule S6002: Regex lookahead assertions should not be contradictory

  • [SONARJAVA-3566] - Rule S5855: Regex alternatives should not be redundant

  • [SONARJAVA-3567] - Rule S6019: Reluctant quantifiers in regular expressions should be followed by an expression that can't match the empty string

  • [SONARJAVA-3572] - Rule S6035: Single-character alternations in regular expressions should be replaced with character classes

  • [SONARJAVA-3608] - Rule S6068: Call to Mockito method "verify", "when" or "given" should be simplified

  • [SONARJAVA-3610] - Rule S6070: The regex escape sequence \cX should only be used with characters in the @-_ range

Task



  • [SONARJAVA-3544] - Fix the regression on issue filtering by reverting SONARJAVA-3241 before SQ 8.x LTS

  • [SONARJAVA-3549] - Add support for automata-based analyses for regular expressions

  • [SONARJAVA-3551] - Implement helper to find whether state in regex automaton is reachable without consuming input

  • [SONARJAVA-3564] - Implement intersects and supersetOf helper for regex automata

  • [SONARJAVA-3600] - Remove (re)declaration of fail fast property.

  • [SONARJAVA-3622] - Drop unused Symbolic Execution debugging rules

  • [SONARJAVA-3627] - Update rules metadata

Improvement



  • [SONARJAVA-3546] - Issue message of S5961 should contains the number of actual assertions

  • [SONARJAVA-3547] - Improve rule S1612 to replace casts with method reference

  • [SONARJAVA-3548] - Improve rule S5838 to handle maps and longs

  • [SONARJAVA-3553] - S5778 and S5783: Improve primary and secondary issue message

  • [SONARJAVA-3559] - Do not report issues of S1130 on Runtime Exceptions

  • [SONARJAVA-3561] - AbstractRegexCheck should target more regex providers

  • [SONARJAVA-3562] - Improve Regex rules to consider more string literals as Pattern

  • [SONARJAVA-3569] - Improve issue locations of S5869

  • [SONARJAVA-3587] - Typo in message of S3457

  • [SONARJAVA-3588] - Java Analyzer should be able to parse Jigsaw module-info.java files even when misconfigured

  • [SONARJAVA-3616] - Make S2699 support RestAssured 2.x as well (and not only 3.x & 4.x)

  • [SONARJAVA-3623] - Update rule S5803 to support all annotations named @VisibleForTesting

False-Positive



  • [SONARJAVA-3470] - Add more exceptions to S107

  • [SONARJAVA-3545] - Rule S4973 shouldn't report an issue if "==" is used to compare Boolean constants

  • [SONARJAVA-3565] - FP on S1948 when using SpringBean from Apache Wicket

  • [SONARJAVA-3571] - FP on S1948 when collection implements Serializable

  • [SONARJAVA-3577] - FP in S3457 when slf4j log arguments contains a concatenation and a single Throwable

  • [SONARJAVA-3579] - FP in S1170 when class is annotated with @lombok.Builder and field with @Default

  • [SONARJAVA-3580] - FP in S2390: do not report an issue on static class nested in the parent.

  • [SONARJAVA-3586] - Support Nullable annotation from reactor-core

  • [SONARJAVA-3598] - FP in S2973 when symbol is in lowercase

  • [SONARJAVA-3599] - FP in S2226 for non final Servlet fields initialized in init() method without parameters

  • [SONARJAVA-3605] - FP in S3305 when field has an initializer

  • [SONARJAVA-3612] - FP in S1185 when class is annotated "@Transactional"

  • [SONARJAVA-3613] - FP in S1193 when the catch block contains more code

  • [SONARJAVA-3615] - FP in S1905 when casted argument is a method reference to a varargs.

  • [SONARJAVA-3617] - S1170 should not raise an issue when the initializer contains "this" or "super"

  • [SONARJAVA-3618] - FP on S3438 when "value" is set inside the property tag

  • [SONARJAVA-3619] - FP S2589 when Boolean variable doesn't always evaluate to TRUE/FALSE

  • [SONARJAVA-3621] - Union of Unknown types should be Unknown

False Negative



  • [SONARJAVA-3130] - S3824: raise issue when "containsKey" is used

  • [SONARJAVA-3482] - Support character classes as operand to reluctant quantifier in rule S5857

  • [SONARJAVA-3483] - FN in S5869 with escaped character classes

latest releases: test_rules_cov, 6.11.0.24617, 6.11.0.24599...
one month ago