Release Notes - SonarJava - Version 6.9.0.23563
Bug
- [SONARJAVA-3285] - Java 13/14 preview feature "Text Block" produces highlighting IllegalArgumentException
- [SONARJAVA-3541] - NPE in Symbolic Execution engine when dealing with Java 14 switch expressions without default
New Feature
- [SONARJAVA-3374] - Rule S5804 allowing user enumeration is security-sensitive
- [SONARJAVA-3396] - Rule S5808 Authorizations should be based on strong decisions
- [SONARJAVA-3411] - Rule S5876 A new session should be created during user authentication
- [SONARJAVA-3542] - RSPEC-5993 Constructors of an "abstract" class should not be declared "public"
Task
- [SONARJAVA-3543] - Update rules metadata
Improvement
- [SONARJAVA-3376] - Rule S3752: from Vulnerability to Security Hotspot and small improvements on the detection algorithm
- [SONARJAVA-3414] - Rule S4790: its content should be replaced by S2070
- [SONARJAVA-3472] - Document wildcards pattern in rule's parameters (S110, S1176)
- [SONARJAVA-3478] - S2201: Support common Collection and Map methods
- [SONARJAVA-3525] - S2333 supports redundant modifiers on nested interfaces and classes
- [SONARJAVA-3536] - Consistently support Nullable/CheckForNull/Nonnull annotations in rules
- [SONARJAVA-3539] - FP in S5845 when BigDecimal and BigInteger are compared with string
False-Positive
- [SONARJAVA-3468] - FP on S1905 when casted argument is an ambiguous method reference.
- [SONARJAVA-3479] - FP in S2184 when return is in another scope
- [SONARJAVA-3535] - Rule S3749 should not raise when the singleton has @ConfigurationProperties annotation
- [SONARJAVA-3540] - FP in S2175 when a primitive is auto-boxed into a subtype of Number.
False Negative
- [SONARJAVA-3388] - Rule S2070 should support "org.springframework.util.DigestUtils"
- [SONARJAVA-3538] - S5853 does not handle custom assertions