Release Notes - SonarJava - Version 6.6
Bug
- [SONARJAVA-3382] - Computing method behavior for Java 14 methods fails
- [SONARJAVA-3448] - IndexOutOfBoundsException on S5863 when "containsX" is called without argument.
- [SONARJAVA-3452] - Analysis fails when transpiling JSP with jar stripped of code
- [SONARJAVA-3453] - JSP files shouldn't be analyzed for SQ < 8.3
New Feature
- [SONARJAVA-3286] - Support Java 14
- [SONARJAVA-3404] - Rule S5852: Using slow regular expressions is security-sensitive
- [SONARJAVA-3412] - Rule S5840: Regex patterns and their sub-patterns should not always fail
- [SONARJAVA-3413] - Rule S5842: Regex repetition pattern's body should not match the empty String
- [SONARJAVA-3415] - Rule S5843: Regular expressions should not be too complicated
- [SONARJAVA-3416] - Rule S5846: Empty lines should not be tested with regex MULTILINE flag
- [SONARJAVA-3417] - Rule S5850: Alternatives in regular expressions should be grouped when used with anchors
- [SONARJAVA-3419] - Rule S5854: Regex containing characters subject to normalization should use the CANON_EQ flag
- [SONARJAVA-3420] - Rule S5856: Regular expressions should be syntactically valid
- [SONARJAVA-3421] - Rule S5857: Regular expressions character classes should be preferred over non-greedy quantifiers
- [SONARJAVA-3422] - Rule S5860: Names of regular expressions named groups should be used
- [SONARJAVA-3423] - Rule S5866: Case insensitive Unicode regular expressions should enable the “UNICODE_CASE” flag
- [SONARJAVA-3424] - Rule S5867: Unicode-aware versions of character classes should be preferred
- [SONARJAVA-3425] - Create a dedicated regex parser to allow implementation of java rules targeting regex
- [SONARJAVA-3426] - Rule S5868: Unicode Grapheme Clusters should be avoided inside regex character classes
- [SONARJAVA-3427] - Rule S5869: Character classes in regular expressions should not contain the same character twice
Task
- [SONARJAVA-3464] - Update rules metadata
Improvement
- [SONARJAVA-2163] - S2187 support detecting of test class without tests for classes matched by maven-surefire and gradle
- [SONARJAVA-3049] - Resolve semantic for switch expression
- [SONARJAVA-3270] - Update ASM to 8.0.1 for Java 14 support
- [SONARJAVA-3332] - Upgrade ECJ to 3.22.0 for Java 14 support
- [SONARJAVA-3434] - S5542: add a secondary location to the insecure cypher declaration
- [SONARJAVA-3460] - S3457, S2275: Rework printf-style format rules
False-Positive
- [SONARJAVA-3237] - S1142 should be ignored in equals methods
- [SONARJAVA-3254] - S3398 Should not suggest to move static method to non-static inner
- [SONARJAVA-3304] - FP in S2201: support new switch expression
- [SONARJAVA-3368] - FP in S4276: interfaces with generic wildcard types can't be specialized
- [SONARJAVA-3369] - FP S1228 (PackageInfoCheck) when there are several source directories
- [SONARJAVA-3370] - FP S5411 (BoxedBooleanExpressionsCheck) on method invocation having @NotNull
- [SONARJAVA-3377] - Avoid FP for Google AutoValue classes
- [SONARJAVA-3379] - FP in S4248 for Pattern in a class annotated with Lombok @UtilityClass
- [SONARJAVA-3418] - S2275: FP when passing a Throwable as last argument
- [SONARJAVA-3437] - FP in S2325 due to Lombok "@UtilityClass"
- [SONARJAVA-3449] - FP on S2141 when equals() without default implementation is defined in an interface
- [SONARJAVA-3450] - FP on S3973 on valid generated equals methods from IntelliJ
- [SONARJAVA-3454] - FP in S2970 when "assertThatThrownBy" is used alone
- [SONARJAVA-3456] - Don't raise S2160 when extending class overriding equals using an abstract definition
- [SONARJAVA-3461] - FP in S5838: simplification with "isEqualTo" can not always be made on Object assertions
- [SONARJAVA-3465] - FPs and FNs related to quoting characters in regular expressions
False Negative
- [SONARJAVA-3400] - FN in S2885(StaticMultithreadedUnsafeFieldsCheck) for DateFormat.getDateInstance()
- [SONARJAVA-3403] - FN in S4970: support unrelated Exception
- [SONARJAVA-3440] - FN in S1194: Support extending sub-classes of Error
- [SONARJAVA-3455] - FN in S2111 for boxed Double and Float
- [SONARJAVA-3457] - FN in S5361 when using backslashes
- [SONARJAVA-3459] - FN on S1128 (UselessImportCheck) when comments contain the class name within a word