Release Notes - SonarJava - Version 6.6 - HTML format

Sub-task

  • [SONARJAVA-3428] - Be able to report issues within String tokens
  • [SONARJAVA-3436] - Be able to cache regex AST in order to not recompute them systematically

Bug

  • [SONARJAVA-3382] - Computing method behavior for Java 14 methods fails
  • [SONARJAVA-3448] - IndexOutOfBoundsException on S5863 when "containsX" is called without argument.
  • [SONARJAVA-3452] - Analysis fails when transpiling JSP with jar stripped of code
  • [SONARJAVA-3453] - JSP files shouldn't be analyzed for SQ < 8.3

New Feature

  • [SONARJAVA-3286] - Support Java 14
  • [SONARJAVA-3404] - Rule S5852: Using slow regular expressions is security-sensitive
  • [SONARJAVA-3412] - Rule S5840: Regex patterns and their sub-patterns should not always fail
  • [SONARJAVA-3413] - Rule S5842: Regex repetition pattern's body should not match the empty String
  • [SONARJAVA-3415] - Rule S5843: Regular expressions should not be too complicated
  • [SONARJAVA-3416] - Rule S5846: Empty lines should not be tested with regex MULTILINE flag
  • [SONARJAVA-3417] - Rule S5850: Alternatives in regular expressions should be grouped when used with anchors
  • [SONARJAVA-3419] - Rule S5854: Regex containing characters subject to normalization should use the CANON_EQ flag
  • [SONARJAVA-3420] - Rule S5856: Regular expressions should be syntactically valid
  • [SONARJAVA-3421] - Rule S5857: Regular expressions character classes should be preferred over non-greedy quantifiers
  • [SONARJAVA-3422] - Rule S5860: Names of regular expressions named groups should be used
  • [SONARJAVA-3423] - Rule S5866: Case insensitive Unicode regular expressions should enable the “UNICODE_CASE” flag
  • [SONARJAVA-3424] - Rule S5867: Unicode-aware versions of character classes should be preferred
  • [SONARJAVA-3425] - Create a dedicated regex parser to allow implementation of java rules targeting regex
  • [SONARJAVA-3426] - Rule S5868: Unicode Grapheme Clusters should be avoided inside regex character classes
  • [SONARJAVA-3427] - Rule S5869: Character classes in regular expressions should not contain the same character twice

Task

Improvement

  • [SONARJAVA-2163] - S2187 support detecting of test class without tests for classes matched by maven-surefire and gradle
  • [SONARJAVA-3049] - Resolve semantic for switch expression
  • [SONARJAVA-3270] - Update ASM to 8.0.1 for Java 14 support
  • [SONARJAVA-3332] - Upgrade ECJ to 3.22.0 for Java 14 support
  • [SONARJAVA-3434] - S5542: add a secondary location to the insecure cypher declaration
  • [SONARJAVA-3460] - S3457, S2275: Rework printf-style format rules

False-Positive

  • [SONARJAVA-3237] - S1142 should be ignored in equals methods
  • [SONARJAVA-3254] - S3398 Should not suggest to move static method to non-static inner
  • [SONARJAVA-3304] - FP in S2201: support new switch expression
  • [SONARJAVA-3368] - FP in S4276: interfaces with generic wildcard types can't be specialized
  • [SONARJAVA-3369] - FP S1228 (PackageInfoCheck) when there are several source directories
  • [SONARJAVA-3370] - FP S5411 (BoxedBooleanExpressionsCheck) on method invocation having @NotNull
  • [SONARJAVA-3377] - Avoid FP for Google AutoValue classes
  • [SONARJAVA-3379] - FP in S4248 for Pattern in a class annotated with Lombok @UtilityClass
  • [SONARJAVA-3418] - S2275: FP when passing a Throwable as last argument
  • [SONARJAVA-3437] - FP in S2325 due to Lombok "@UtilityClass"
  • [SONARJAVA-3449] - FP on S2141 when equals() without default implementation is defined in an interface
  • [SONARJAVA-3450] - FP on S3973 on valid generated equals methods from IntelliJ
  • [SONARJAVA-3454] - FP in S2970 when "assertThatThrownBy" is used alone
  • [SONARJAVA-3456] - Don't raise S2160 when extending class overriding equals using an abstract definition
  • [SONARJAVA-3461] - FP in S5838: simplification with "isEqualTo" can not always be made on Object assertions
  • [SONARJAVA-3465] - FPs and FNs related to quoting characters in regular expressions

False Negative

  • [SONARJAVA-3400] - FN in S2885(StaticMultithreadedUnsafeFieldsCheck) for DateFormat.getDateInstance()
  • [SONARJAVA-3403] - FN in S4970: support unrelated Exception
  • [SONARJAVA-3440] - FN in S1194: Support extending sub-classes of Error
  • [SONARJAVA-3455] - FN in S2111 for boxed Double and Float
  • [SONARJAVA-3457] - FN in S5361 when using backslashes
  • [SONARJAVA-3459] - FN on S1128 (UselessImportCheck) when comments contain the class name within a word
