SonarSource/sonar-java 6.10.0.24201

on GitHub

    Release Notes - SonarJava - Version 6.10.0.24201

Bug

• [SONARJAVA-3056] - Classes for the analysis are loaded with parent first strategy
• [SONARJAVA-3602] - JavaCheckVerifier does not support consistent behavior when having multiple issues reported on the same line

New Feature

• [SONARJAVA-3550] - Rule S5994: Regex patterns following a possessive quantifier should not always fail
• [SONARJAVA-3552] - Rule S5996: Regex boundaries should not be used in a way that can never match
• [SONARJAVA-3554] - Rule S5998: Regular expressions should not overflow the stack
• [SONARJAVA-3557] - Rule S6001: Back references in regular expressions should only refer to capturing groups that are matched before the reference
• [SONARJAVA-3560] - Rule S6002: Regex lookahead assertions should not be contradictory
• [SONARJAVA-3566] - Rule S5855: Regex alternatives should not be redundant
• [SONARJAVA-3567] - Rule S6019: Reluctant quantifiers in regular expressions should be followed by an expression that can't match the empty string
• [SONARJAVA-3572] - Rule S6035: Single-character alternations in regular expressions should be replaced with character classes
• [SONARJAVA-3608] - Rule S6068: Call to Mockito method "verify", "when" or "given" should be simplified
• [SONARJAVA-3610] - Rule S6070: The regex escape sequence \cX should only be used with characters in the @-_ range

Task

• [SONARJAVA-3544] - Fix the regression on issue filtering by reverting SONARJAVA-3241 before SQ 8.x LTS
• [SONARJAVA-3549] - Add support for automata-based analyses for regular expressions
• [SONARJAVA-3551] - Implement helper to find whether state in regex automaton is reachable without consuming input
• [SONARJAVA-3564] - Implement intersects and supersetOf helper for regex automata
• [SONARJAVA-3600] - Remove (re)declaration of fail fast property.
• [SONARJAVA-3622] - Drop unused Symbolic Execution debugging rules
• [SONARJAVA-3627] - Update rules metadata

Improvement

• [SONARJAVA-3546] - Issue message of S5961 should contains the number of actual assertions
• [SONARJAVA-3547] - Improve rule S1612 to replace casts with method reference
• [SONARJAVA-3548] - Improve rule S5838 to handle maps and longs
• [SONARJAVA-3553] - S5778 and S5783: Improve primary and secondary issue message
• [SONARJAVA-3559] - Do not report issues of S1130 on Runtime Exceptions
• [SONARJAVA-3561] - AbstractRegexCheck should target more regex providers
• [SONARJAVA-3562] - Improve Regex rules to consider more string literals as Pattern
• [SONARJAVA-3569] - Improve issue locations of S5869
• [SONARJAVA-3587] - Typo in message of S3457
• [SONARJAVA-3588] - Java Analyzer should be able to parse Jigsaw module-info.java files even when misconfigured
• [SONARJAVA-3616] - Make S2699 support RestAssured 2.x as well (and not only 3.x & 4.x)
• [SONARJAVA-3623] - Update rule S5803 to support all annotations named @VisibleForTesting

False-Positive

• [SONARJAVA-3470] - Add more exceptions to S107
• [SONARJAVA-3545] - Rule S4973 shouldn't report an issue if "==" is used to compare Boolean constants
• [SONARJAVA-3565] - FP on S1948 when using SpringBean from Apache Wicket
• [SONARJAVA-3571] - FP on S1948 when collection implements Serializable
• [SONARJAVA-3577] - FP in S3457 when slf4j log arguments contains a concatenation and a single Throwable
• [SONARJAVA-3579] - FP in S1170 when class is annotated with @lombok.Builder and field with @default
• [SONARJAVA-3580] - FP in S2390: do not report an issue on static class nested in the parent.
• [SONARJAVA-3586] - Support Nullable annotation from reactor-core
• [SONARJAVA-3598] - FP in S2973 when symbol is in lowercase
• [SONARJAVA-3599] - FP in S2226 for non final Servlet fields initialized in init() method without parameters
• [SONARJAVA-3605] - FP in S3305 when field has an initializer
• [SONARJAVA-3612] - FP in S1185 when class is annotated "@transactional"
• [SONARJAVA-3613] - FP in S1193 when the catch block contains more code
• [SONARJAVA-3615] - FP in S1905 when casted argument is a method reference to a varargs.
• [SONARJAVA-3617] - S1170 should not raise an issue when the initializer contains "this" or "super"
• [SONARJAVA-3618] - FP on S3438 when "value" is set inside the property tag
• [SONARJAVA-3619] - FP S2589 when Boolean variable doesn't always evaluate to TRUE/FALSE
• [SONARJAVA-3621] - Union of Unknown types should be Unknown

False Negative

• [SONARJAVA-3130] - S3824: raise issue when "containsKey" is used
• [SONARJAVA-3482] - Support character classes as operand to reluctant quantifier in rule S5857
• [SONARJAVA-3483] - FN in S5869 with escaped character classes