github SonarSource/sonar-java

Release Notes - SonarJava - Version 6.6


  • [SONARJAVA-3382] - Computing method behavior for Java 14 methods fails

  • [SONARJAVA-3448] - IndexOutOfBoundsException on S5863 when "containsX" is called without argument.

  • [SONARJAVA-3452] - Analysis fails when transpiling JSP with jar stripped of code

  • [SONARJAVA-3453] - JSP files shouldn't be analyzed for SQ < 8.3

New Feature

  • [SONARJAVA-3286] - Support Java 14

  • [SONARJAVA-3404] - Rule S5852: Using slow regular expressions is security-sensitive

  • [SONARJAVA-3412] - Rule S5840: Regex patterns and their sub-patterns should not always fail

  • [SONARJAVA-3413] - Rule S5842: Regex repetition pattern's body should not match the empty String

  • [SONARJAVA-3415] - Rule S5843: Regular expressions should not be too complicated

  • [SONARJAVA-3416] - Rule S5846: Empty lines should not be tested with regex MULTILINE flag

  • [SONARJAVA-3417] - Rule S5850: Alternatives in regular expressions should be grouped when used with anchors

  • [SONARJAVA-3419] - Rule S5854: Regex containing characters subjects to normalization should use the CANON_EQ flag

  • [SONARJAVA-3420] - Rule S5856: Regular expressions should be syntactically valid

  • [SONARJAVA-3421] - Rule S5857: Regular expressions character classes should be preferred over non-greedy quantifiers

  • [SONARJAVA-3422] - Rule S5860: Names of regular expressions named groups should be used

  • [SONARJAVA-3423] - Rule S5866: Case insensitive Unicode regular expressions should enable the “UNICODE_CASE” flag

  • [SONARJAVA-3424] - Rule S5867: Unicode-aware versions of character classes should be preferred

  • [SONARJAVA-3425] - Create a dedicated regex parser to allow implementation of java rules targeting regex

  • [SONARJAVA-3426] - Rule S5868: Unicode Grapheme Clusters should be avoided inside regex character classes

  • [SONARJAVA-3427] - Rule S5869: Character classes in regular expressions should not contain the same character twice



  • [SONARJAVA-2163] - S2187 support detecting of test class without tests for classes matched by maven-surefire and gradle

  • [SONARJAVA-3049] - Resolve semantic for switch expression

  • [SONARJAVA-3270] - Update ASM to 8.0.1 for Java 14 support

  • [SONARJAVA-3332] - Upgrade ECJ to 3.22.0 for Java 14 support

  • [SONARJAVA-3434] - S5542: add a secondary location to the insecure cypher declaration

  • [SONARJAVA-3460] - S3457, S2275: Rework printf-style format rules


  • [SONARJAVA-3237] - S1142 should be ignored in equals methods

  • [SONARJAVA-3254] - S3398 Should not suggest to move static method to non-static inner

  • [SONARJAVA-3304] - FP in S2201: support new switch expression

  • [SONARJAVA-3368] - FP in S4276: interfaces with generic wildcard types can't be specialized

  • [SONARJAVA-3369] - FP S1228 (PackageInfoCheck) when there are several source directories

  • [SONARJAVA-3370] - FP S5411 (BoxedBooleanExpressionsCheck) on method invocation having @NotNull

  • [SONARJAVA-3377] - Avoid FP for Google AutoValue classes

  • [SONARJAVA-3379] - FP in S4248 for Pattern in a class annotated with Lombok @UtilityClass

  • [SONARJAVA-3418] - S2275: FP when passing a Throwable as last argument

  • [SONARJAVA-3437] - FP in S2325 due to Lombok "@UtilityClass"

  • [SONARJAVA-3449] - FP on S2141 when equals() without default implementation is defined in an interface

  • [SONARJAVA-3450] - FP on S3973 on valid generated equals methods from IntelliJ

  • [SONARJAVA-3454] - FP in S2970 when "assertThatThrownBy" is used alone

  • [SONARJAVA-3456] - Don't raise S2160 when extending class overriding equals using an abstract definition

  • [SONARJAVA-3461] - FP in S5838: simplification with "isEqualTo" can not always be made on Object assertions

  • [SONARJAVA-3465] - FPs and FNs related to quoting characters in regular expressions

False Negative

  • [SONARJAVA-3400] - FN in S2885(StaticMultithreadedUnsafeFieldsCheck) for DateFormat.getDateInstance()

  • [SONARJAVA-3403] - FN in S4970: support unrelated Exception

  • [SONARJAVA-3440] - FN in S1194: Support extending sub-classes of Error

  • [SONARJAVA-3455] - FN in S2111 for boxed Double and Float

  • [SONARJAVA-3457] - FN in S5361 when using backslashes

  • [SONARJAVA-3459] - FN on S1128 (UselessImportCheck) when comments contain the class name within a word

latest releases: test_rules_cov,,
6 months ago