github find-sec-bugs/find-sec-bugs version-1.4.1
Version 1.4.1 - It's hard to code and not to hardcode

8 years ago

Summary

This version mostly introduces adjustments to minor components, including the logging, bug descriptions and online documentation.

Nonetheless, many new detectors found their way into this release. David Formánek has contributed a very interesting set of signatures to detect hardcoded passwords and cryptographic keys (#46). 34 new APIs are covered with this single contribution. If you have any problem with the new detector, file an issue with a problematic code sample. Even though it is an important addition, the contribution is well covered by the tests and should not cause any problems.

Another detector targeting hardcoded passwords was added. It identifies OAuth secrets that are static in Spring applications (#57).
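
To make the hardcoded password and key findings concrete, here is an added example (not code from find-sec-bugs or from this release) showing the pattern next to a remediated form. The release notes do not list the 34 covered APIs, so `SecretKeySpec` and `KeyStore.load` are assumed here as representative cases; the environment variable names and the literal values are constructed for illustration.

```java
import javax.crypto.spec.SecretKeySpec;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Base64;

public class SecretHandlingExample {

    // BEFORE: the key is a compile-time constant. It ships inside the JAR,
    // stays in version control history and is identical in every deployment.
    static SecretKeySpec hardcodedKey() {
        byte[] key = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII); // constructed sample
        return new SecretKeySpec(key, "AES");
    }

    // BEFORE: constant keystore password passed straight to the API.
    static KeyStore hardcodedKeyStorePassword(Path file) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, "changeit".toCharArray()); // constructed sample
        }
        return ks;
    }

    // AFTER: secrets come from the runtime environment (names are hypothetical).
    // Fail closed when a secret is missing instead of using a default value.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("missing required secret: " + name);
        }
        return value;
    }

    static SecretKeySpec externalKey() {
        byte[] key = Base64.getDecoder().decode(requireEnv("APP_AES_KEY_B64"));
        if (key.length != 16 && key.length != 24 && key.length != 32) {
            throw new IllegalStateException("APP_AES_KEY_B64 must decode to 16, 24 or 32 bytes");
        }
        return new SecretKeySpec(key, "AES");
    }

    static KeyStore externalKeyStorePassword(Path file) throws Exception {
        char[] password = requireEnv("APP_KEYSTORE_PASSWORD").toCharArray();
        try (InputStream in = Files.newInputStream(file)) {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(in, password);
            return ks;
        } finally {
            Arrays.fill(password, '\0'); // do not keep the password in memory
        }
    }
}
```

When a finding like this is fixed, the exposed value also has to be rotated, since the old constant remains recoverable from earlier builds and commits.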


Full Changelog

Implemented enhancements:

  • Detector hard coded Spring OAuth secret key #57
  • Add CWE references to messages (few missing) #52
  • Create a Japanese page on the micro-website for the bug patterns #50
  • NetBeans tutorial #45
  • Update the documentation for SonarQube #44

Fixed bugs:

  • XXE - reader False Positive #47
  • Fix URLs in messages.xml #43
  • CustomInjectionSource.properties not found #42

Closed issues:

  • Create a tutorial for IntelliJ IDE #51

Merged pull requests:
