6.15.1.26025

    Release Notes - SonarJava - Version 6.15.1.26025

Bug

• [SONARJAVA-3808] - NPE in JMethodSymbol.overriddenSymbol
• [SONARJAVA-3812] - Analysis should stop without logging when a CancellationException is thrown

Task

• [SONARJAVA-3815] - Update rules metadata
• [SONARJAVA-3817] - Remove rules resulting in failing tests from default quality profile
• [SONARJAVA-3821] - Do not ship "sonar-plugin-api" implementation class with the analyzer components

Improvement

• [SONARJAVA-3801] - Rule S4423 should support okhttp library
• [SONARJAVA-3805] - Rule S5332 should support okhttp library

False-Positive

• [SONARJAVA-3797] - FP in S1854 for effective-final assignment of variables used in a lambda
• [SONARJAVA-3798] - FP in S1258 and S3749 when using Lombok "@DaTa" annotation
• [SONARJAVA-3804] - FP in S3077 when volatile is used with @immutable and @threadsafe annotations
• [SONARJAVA-3809] - S5979 should not report on objects initialized with `MockitoJUnit.rule()` followed by options
• [SONARJAVA-3811] - Rule S5542 should not be triggered when using CBC mode
• [SONARJAVA-3814] - S6212 should not suggest to use "var" when the initializer is a lambda or a method reference

False Negative

• [SONARJAVA-3785] - Rule S4605 is not detected with @SpringBootApplication
• [SONARJAVA-3810] - S5547 should report on some more weak algorithms
• [SONARJAVA-3813] - Rule S4790 should support more weak hash algorithms

6.15.0.25849

    Release Notes - SonarJava - Version  6.15.0.25849

Bug

• [SONARJAVA-3786] - Delete rule RSPEC-4603
• [SONARJAVA-3788] - Fix IndexOutOfBoundsException in S1166 (CatchUsesExceptionWithContextCheck:307)
• [SONARJAVA-3789] - Fix ClassCastException in S6202 (IsInstanceMethodCheck:70)
• [SONARJAVA-3790] - Fix ClassCastException in S5411 (BoxedBooleanExpressionsCheck:158)
• [SONARJAVA-3792] - Compilation of custom rule project fails due to missing metadata files

New Feature

• [SONARJAVA-3716] - Provide a user property to produce performance metrics
• [SONARJAVA-3741] - Rule S6202: Operator "instanceof" should be used instead of "A.class.isInstance()"
• [SONARJAVA-3743] - Rule S6203: Text blocks should not be used in complex expression
• [SONARJAVA-3749] - Rule S6205: Switch arrow labels should not use redundant keywords
• [SONARJAVA-3753] - Rule S6208: Comma-separated labels should be used in Switch with colon case
• [SONARJAVA-3759] - Rule S6212: Local-Variable Type Inference (var) should be used
• [SONARJAVA-3761] - Rule S6213: Restricted Identifiers should not be used as Identifiers

Task

• [SONARJAVA-3714] - Collect SquidSensor runtime data
• [SONARJAVA-3717] - Increase reliability of cirrus-ci nightly analyses by restarting some failed jobs
• [SONARJAVA-3720] - Push internal CI performance metrics to repository
• [SONARJAVA-3721] - Enable performance measurement for ruling
• [SONARJAVA-3722] - Compute measurement cost in performance metrics
• [SONARJAVA-3726] - Update tutorial with SQ 8.8 and latest embedded release of SonarJava
• [SONARJAVA-3728] - Update rules metadata
• [SONARJAVA-3793] - Drop usage of deprecated internal method "hasSemantic()" in our rules

Improvement

• [SONARJAVA-3666] - Add text block support for regex rules
• [SONARJAVA-3715] - Add size of file to slowest files analyzed output
• [SONARJAVA-3732] - Execute the move of the regex parser into analyzer-commons
• [SONARJAVA-3736] - Support Text Block in rules relying on String literals from expressions
• [SONARJAVA-3737] - Improve rules relying on String literals to support identifier from a final or effectively final variable.
• [SONARJAVA-3744] - Extend existing rules to support Switch Expression
• [SONARJAVA-3751] - Extend S4738 to suggest Java 9 "List.of", "Map.of", "Set.of" instead of Guava
• [SONARJAVA-3762] - S5838 should support Java 11 "String.isBlank()"
• [SONARJAVA-3766] - Improve rule description for ReDoS
• [SONARJAVA-3778] - Fix performance hotspots in S103 due to slow regex
• [SONARJAVA-3781] - All method overrides should be returned instead of only the first one
• [SONARJAVA-3787] - Children of Switch Statement should not be a Switch Expression
• [SONARJAVA-3796] - Fix possible Catastrophic backtracking in regex for S3518: Division by zero rule

False-Positive

• [SONARJAVA-3731] - S5786 should not report on abstract classes or overridding test methods
• [SONARJAVA-3734] - FP in S5979 when "ExtendWith" annotation is coming from a meta-annotation
• [SONARJAVA-3750] - S1199 should not report an issue for any Switch case containing a block
• [SONARJAVA-3772] - FP in S1943: Do not report an issue on any usage of Java 11 FileWriter and FileReader
• [SONARJAVA-3774] - S2755 should not raise when a non null resolver is set with XMLInputFactory.setXMLResolver
• [SONARJAVA-3776] - Fix FPs in S4276 when the generic argument left is a primitive wrapper

False Negative

• [SONARJAVA-3757] - "Nullable" from eclipse should be considered as a Strong Nullable.

6.14.0.25463

    Release Notes - SonarJava - Version  6.14.0.25463

Task

• [SONARJAVA-3702] - Rule S3066: change rule type to Code-Smell
• [SONARJAVA-3703] - Add custom rules examples from tutorial in repository
• [SONARJAVA-3708] - Rule S3751: change rule type to Code-Smell
• [SONARJAVA-3709] - Deprecate S3369
• [SONARJAVA-3727] - Update rules metadata

Improvement

• [SONARJAVA-3215] - S1166 add heuristics to support custom log frameworks
• [SONARJAVA-3558] - Issue filter should extends its filter to IDE-specific suppressed warnings
• [SONARJAVA-3568] - S5852 should use automata to increase its accuracy
• [SONARJAVA-3624] - Regex FP/FN with Supplementary Multilingual Plane
• [SONARJAVA-3629] - Improve S6002 RegexLookaheadCheck to support negative lookahead
• [SONARJAVA-3636] - Improve secondary message for regex rules when issues are reported across different string literals
• [SONARJAVA-3689] - Improve rule S110 to not report when hierarchy is too big already in library code
• [SONARJAVA-3701] - Prepare the move of the regex parser into its own project
• [SONARJAVA-3729] - Change S4434 to a security-hotspot
• [SONARJAVA-3730] - Add an exception to rule S121 for early returns
• [SONARJAVA-3733] - ReDoS: Don't call cubic and worse runtimes quadratic
• [SONARJAVA-3735] - Upgrade ECJ to 3.25.0

False-Positive

• [SONARJAVA-3570] - Relax Rule S5411 for boxed booleans if there is a null-checked before
• [SONARJAVA-3603] - FP on S4276 when Function is using "compose" or "andThen" methods
• [SONARJAVA-3625] - Possible FP in S5998 when using backreferences to large groups
• [SONARJAVA-3631] - FP in S6001 parsing of multi-digit backreferences
• [SONARJAVA-3635] - S2384 should not raise an issue when mutable members in temporary variable are not stored
• [SONARJAVA-3669] - S2325 should not raise on empty methods
• [SONARJAVA-3696] - S2755 should not raise when a xml document is build
• [SONARJAVA-3706] - FP in S2384, S2386: support any unmodifiable and immutable methods
• [SONARJAVA-3713] - FP in S5852 (ReDoS) involving possessive quantifiers
• [SONARJAVA-3747] - FPs in S5852 when repetition overlaps with non-repetition part

False Negative

• [SONARJAVA-2745] - FN on S2142: no issue raised when catching the generic Exception
• [SONARJAVA-3639] - FN in S5994 when `*+` is followed by a repetition
• [SONARJAVA-3640] - FN in S6002 for full matches and anchored patterns
• [SONARJAVA-3641] - FN in S5998
• [SONARJAVA-3653] - S5996 should raise issues even if the regex can match the empty string
• [SONARJAVA-3710] - Include Eclipse’s NonNullByDefault annotation on nonNullFields check

6.13.0.25138

    Release Notes - SonarJava - Version 6.13.0.25138

Bug

• [SONARJAVA-3690] - Update SonarQube Api to be compatible with the latest SQ

New Feature

• [SONARJAVA-2929] - Rule S2053: Hashes should include an unpredictable salt
• [SONARJAVA-3462] - Rule S4036: Searching OS commands in PATH is security-sensitive
• [SONARJAVA-3674] - Rule S5659: JWT should be signed and verified with strong cipher algorithms
• [SONARJAVA-3675] - Rule S5332: Using clear-text protocols is security-sensitive
• [SONARJAVA-3676] - Rule S5689: Disclosing fingerprints from web application technologies is security-sensitive
• [SONARJAVA-3677] - Rule S5443: Using publicly writable directories is security-sensitive
• [SONARJAVA-3679] - Rule S5693: Allowing requests with excessive content length is security-sensitive
• [SONARJAVA-3681] - Rule S5247: Disabling auto-escaping in template engines is security-sensitive

Task

• [SONARJAVA-3697] - Update rules metadata
• [SONARJAVA-3699] - Deprecate rule S2653
• [SONARJAVA-3700] - Deprecate rule S2089

Improvement

• [SONARJAVA-3660] - S2077 update message for primary and secondary locations
• [SONARJAVA-3663] - S2976 implementation moved to S5445
• [SONARJAVA-3664] - S4738 reports usage of Guava "createTempDir"
• [SONARJAVA-3686] - Deprecate rule S4834
• [SONARJAVA-3692] - Extract Symbolic Execution Engine and Checks from "java-frontend" module
• [SONARJAVA-3694] - Improve rule S1612 to replace instanceof lambda with method reference
• [SONARJAVA-3698] - Extract Check Verifier from "java-frontend" module into testkit

False-Positive

• [SONARJAVA-3278] - FP on S2115: JDBC connection string should not raise when password property is not used
• [SONARJAVA-3532] - S5042 should focus on zipbomb attacks
• [SONARJAVA-3648] - FP on S2384 (MutableMembersUsageCheck) for enum constructors
• [SONARJAVA-3649] - FP on S1157 (CaseInsensitiveComparisonCheck) when only one side is upper or lower case
• [SONARJAVA-3678] - FP in S5853 when map/flatMap is used
• [SONARJAVA-3684] - S2755 should not raise an issue when DocumentBuilder EntityResolver is customized
• [SONARJAVA-3685] - FP in S1125 when using null
• [SONARJAVA-3687] - S5979 should not report on classes annotated with JUnit5's @nested when the enclosing class properly initializes annotated objects
• [SONARJAVA-3688] - FP on S5860(UnusedGroupNamesCheck) for name referenced by dollar curly braces

False Negative

• [SONARJAVA-3469] - FN in S1219 when using blocks
• [SONARJAVA-3683] - S4502 should raise when CSRF protection is disabled on specific routes

6.12.0.24852

    Release Notes - SonarJava - Version 6.12.0.24852

Bug

• [SONARJAVA-3487] - [Java 14 - Records preview feature] NPE when accessing recordComponent.owner()
• [SONARJAVA-3488] - [Java 14 - Records preview feature] NPE when computing metrics of methods
• [SONARJAVA-3489] - [Java 14 - Records preview feature] S1123 NPE when visiting records
• [SONARJAVA-3490] - [Java 14 - Records preview feature] S1117 NPE when visiting records

New Feature

• [SONARJAVA-2961] - Rule S4977: Type parameters should not shadow other type parameters
• [SONARJAVA-3255] - Rule S5663: Simple string literal should be used for single line strings
• [SONARJAVA-3256] - Rule S5664: Whitespace for text block indent should be consistent
• [SONARJAVA-3257] - Rule S5665: Escape sequences should not be used in text blocks
• [SONARJAVA-3505] - Upgrade to ECJ 3.24 to enable support of Java 15
• [SONARJAVA-3606] - Rule S5979: Annotated Mockito objects should be initialized
• [SONARJAVA-3658] - Add support of Java 15 Text Blocks with a new dedicated Kind: TEXT_BLOCK
• [SONARJAVA-3670] - Rule S6126: String multiline concatenation can be replaced with a Text block

Task

• [SONARJAVA-3680] - Update rules metadata

Improvement

• [SONARJAVA-3114] - Message about missing bytecode dependencies should appear only when dependencies are actually missing
• [SONARJAVA-3563] - Report 10 slowest analyzed files
• [SONARJAVA-3657] - Improve S3986 to cover DateTimeFormatter
• [SONARJAVA-3665] - Add support of Text Blocks in S2973 (Escaped unicode characters)
• [SONARJAVA-3667] - Fix text block support in S2479
• [SONARJAVA-3671] - Improve rule S1192 to Support Text blocks
• [SONARJAVA-3672] - S1213 Check order of static and instance variables

False-Positive

• [SONARJAVA-3659] - S2755 should not raise an issue when "EntityResolver" is customized
• [SONARJAVA-3661] - FP on S2259 (Null Pointer Dereference) when using MapUtils from Apache Collections
• [SONARJAVA-3662] - Improve rule S2142 to check methods called inside catch block

6.11.0.24617

    Release Notes - SonarJava - Version 6.11.0.24617

Bug

• [SONARJAVA-3609] - JAR files passed to sonar.java.libraries remain locked after the analysis on Windows
• [SONARJAVA-3652] - SuppressWarnings Filter lose knowledge of filtered lines

New Feature

• [SONARJAVA-3614] - Rule S6073: Mockito argument matchers should be used on all parameters
• [SONARJAVA-3630] - Rule S6103: AssertJ assertions with "Consumer" arguments should contain assertion inside consumers
• [SONARJAVA-3632] - Rule S6104: Map "computeIfAbsent()" should not be used to add "null" values.
• [SONARJAVA-3637] - Introduce "sonar.java.jdkHome" to specify the JDK to be used by the analyzer to resolve JDK types

Task

• [SONARJAVA-3644] - Update rule metadata

Improvement

• [SONARJAVA-2154] - Reduce plugin size by removing guava dependency
• [SONARJAVA-3581] - S1994: Add a message on the secondary location
• [SONARJAVA-3582] - S2886: Add a message on the secondary location
• [SONARJAVA-3583] - S3516: Add a message on the secondary location
• [SONARJAVA-3584] - S1764: Add a message on secondary locations
• [SONARJAVA-3585] - S2115: Add a message on secondary locations
• [SONARJAVA-3589] - S2229: Add a message on secondary locations
• [SONARJAVA-3590] - S3415: Add a message on secondary locations
• [SONARJAVA-3591] - S2139: Add a message on secondary locations
• [SONARJAVA-3592] - S1191: Add a message on secondary locations
• [SONARJAVA-3593] - S3010: Add a message on secondary locations
• [SONARJAVA-3594] - S135: Add a message on secondary locations
• [SONARJAVA-3595] - S4288: Add a message on secondary locations
• [SONARJAVA-3596] - S4276: Add a message on secondary locations
• [SONARJAVA-3597] - S2786: Improve the primary message so that the secondary location becomes obvious
• [SONARJAVA-3634] - Extend rule S1860 according to JEP 390: Warnings for Value-Based Classes
• [SONARJAVA-3638] - Rule S2384: change rule type to Code-Smell
• [SONARJAVA-3645] - Improve debug logs
• [SONARJAVA-3651] - S4925: add support for DB2 JDBC Type 4 driver.
• [SONARJAVA-3654] - Provide MongoDB Nullness annotations to the SE engine
• [SONARJAVA-3655] - Update S6068 to cover latest mockito version

False-Positive

• [SONARJAVA-3467] - FP on S1948 when using both field and setter/constructor injection
• [SONARJAVA-3574] - S2755 FP when Factory is declared with lombok "val"
• [SONARJAVA-3578] - FP in S2147 when the type of the Exception is needed inside the body.
• [SONARJAVA-3620] - FP in S2384 when unmodifiable collection is returned from a non-final field
• [SONARJAVA-3628] - FP in S5853 when assertions "flatExtracting" prevent the chaining
• [SONARJAVA-3633] - FP in S4032 when there are several source directories
• [SONARJAVA-3642] - FP in S1874 when parent constructor is deprecated but not used
• [SONARJAVA-3647] - FP in S1481 when "for-each" variable nested in a lambda is actually used in the body
• [SONARJAVA-3650] - FP in S2970 for nested class using JUnit 5 Soft assertions extension.

False Negative

• [SONARJAVA-3555] - S4830 should support X509ExtendedTrustManager
• [SONARJAVA-3575] - FN in S2095: support Apache commons IOUtils methods not closing the stream
• [SONARJAVA-3626] - FN Rule S3824: Apply the same SymbolicValue for static constants or enum constants when used as MemberSelect

6.10.0.24201

    Release Notes - SonarJava - Version 6.10.0.24201

Bug

• [SONARJAVA-3056] - Classes for the analysis are loaded with parent first strategy
• [SONARJAVA-3602] - JavaCheckVerifier does not support consistent behavior when having multiple issues reported on the same line

New Feature

• [SONARJAVA-3550] - Rule S5994: Regex patterns following a possessive quantifier should not always fail
• [SONARJAVA-3552] - Rule S5996: Regex boundaries should not be used in a way that can never match
• [SONARJAVA-3554] - Rule S5998: Regular expressions should not overflow the stack
• [SONARJAVA-3557] - Rule S6001: Back references in regular expressions should only refer to capturing groups that are matched before the reference
• [SONARJAVA-3560] - Rule S6002: Regex lookahead assertions should not be contradictory
• [SONARJAVA-3566] - Rule S5855: Regex alternatives should not be redundant
• [SONARJAVA-3567] - Rule S6019: Reluctant quantifiers in regular expressions should be followed by an expression that can't match the empty string
• [SONARJAVA-3572] - Rule S6035: Single-character alternations in regular expressions should be replaced with character classes
• [SONARJAVA-3608] - Rule S6068: Call to Mockito method "verify", "when" or "given" should be simplified
• [SONARJAVA-3610] - Rule S6070: The regex escape sequence \cX should only be used with characters in the @-_ range

Task

• [SONARJAVA-3544] - Fix the regression on issue filtering by reverting SONARJAVA-3241 before SQ 8.x LTS
• [SONARJAVA-3549] - Add support for automata-based analyses for regular expressions
• [SONARJAVA-3551] - Implement helper to find whether state in regex automaton is reachable without consuming input
• [SONARJAVA-3564] - Implement intersects and supersetOf helper for regex automata
• [SONARJAVA-3600] - Remove (re)declaration of fail fast property.
• [SONARJAVA-3622] - Drop unused Symbolic Execution debugging rules
• [SONARJAVA-3627] - Update rules metadata

Improvement

• [SONARJAVA-3546] - Issue message of S5961 should contains the number of actual assertions
• [SONARJAVA-3547] - Improve rule S1612 to replace casts with method reference
• [SONARJAVA-3548] - Improve rule S5838 to handle maps and longs
• [SONARJAVA-3553] - S5778 and S5783: Improve primary and secondary issue message
• [SONARJAVA-3559] - Do not report issues of S1130 on Runtime Exceptions
• [SONARJAVA-3561] - AbstractRegexCheck should target more regex providers
• [SONARJAVA-3562] - Improve Regex rules to consider more string literals as Pattern
• [SONARJAVA-3569] - Improve issue locations of S5869
• [SONARJAVA-3587] - Typo in message of S3457
• [SONARJAVA-3588] - Java Analyzer should be able to parse Jigsaw module-info.java files even when misconfigured
• [SONARJAVA-3616] - Make S2699 support RestAssured 2.x as well (and not only 3.x & 4.x)
• [SONARJAVA-3623] - Update rule S5803 to support all annotations named @VisibleForTesting

False-Positive

• [SONARJAVA-3470] - Add more exceptions to S107
• [SONARJAVA-3545] - Rule S4973 shouldn't report an issue if "==" is used to compare Boolean constants
• [SONARJAVA-3565] - FP on S1948 when using SpringBean from Apache Wicket
• [SONARJAVA-3571] - FP on S1948 when collection implements Serializable
• [SONARJAVA-3577] - FP in S3457 when slf4j log arguments contains a concatenation and a single Throwable
• [SONARJAVA-3579] - FP in S1170 when class is annotated with @lombok.Builder and field with @default
• [SONARJAVA-3580] - FP in S2390: do not report an issue on static class nested in the parent.
• [SONARJAVA-3586] - Support Nullable annotation from reactor-core
• [SONARJAVA-3598] - FP in S2973 when symbol is in lowercase
• [SONARJAVA-3599] - FP in S2226 for non final Servlet fields initialized in init() method without parameters
• [SONARJAVA-3605] - FP in S3305 when field has an initializer
• [SONARJAVA-3612] - FP in S1185 when class is annotated "@transactional"
• [SONARJAVA-3613] - FP in S1193 when the catch block contains more code
• [SONARJAVA-3615] - FP in S1905 when casted argument is a method reference to a varargs.
• [SONARJAVA-3617] - S1170 should not raise an issue when the initializer contains "this" or "super"
• [SONARJAVA-3618] - FP on S3438 when "value" is set inside the property tag
• [SONARJAVA-3619] - FP S2589 when Boolean variable doesn't always evaluate to TRUE/FALSE
• [SONARJAVA-3621] - Union of Unknown types should be Unknown

False Negative

• [SONARJAVA-3130] - S3824: raise issue when "containsKey" is used
• [SONARJAVA-3482] - Support character classes as operand to reluctant quantifier in rule S5857
• [SONARJAVA-3483] - FN in S5869 with escaped character classes

6.9.0.23563

    Release Notes - SonarJava - Version 6.9.0.23563

Bug

• [SONARJAVA-3285] - Java 13/14 preview feature "Text Block" produce highlighting IllegalArgumentException
• [SONARJAVA-3541] - NPE in Symbolic Execution engine when dealing with java 14 switch expressions without default

New Feature

• [SONARJAVA-3374] - Rule S5804 allowing user enumeration is security-sensitive
• [SONARJAVA-3396] - Rule S5808 Authorizations should be based on strong decisions
• [SONARJAVA-3411] - Rule S5876 A new session should be created during user authentication
• [SONARJAVA-3542] - RSPEC-5993 Constructors of an "abstract" class should not be declared "public"

Task

• [SONARJAVA-3543] - Update rules metadata

Improvement

• [SONARJAVA-3376] - Rule S3752: from Vulnerability to Security Hotspot and small improvements on the detection algorithm
• [SONARJAVA-3414] - Rule S4790: its content should be replaced by S2070
• [SONARJAVA-3472] - Document wildcards pattern in rule's parameters (S110, S1176)
• [SONARJAVA-3478] - S2201: Support common Collection and Map methods
• [SONARJAVA-3525] - S2333 supports redundant modifiers on nested interfaces and classes
• [SONARJAVA-3536] - Consistently support Nullable/CheckForNull/Nonnull annotations in rules
• [SONARJAVA-3539] - FP in S5845 when BigDecimal and BigInteger are compared with string

False-Positive

• [SONARJAVA-3468] - FP on S1905 when casted argument is an ambiguous method reference.
• [SONARJAVA-3479] - FP in S2184 when return is in another scope
• [SONARJAVA-3535] - Rule S3749 should not raise when the singleton has @ConfigurationProperties annotation
• [SONARJAVA-3540] - FP in S2175 when a primitive is auto-boxed into a subtype of Number.

False Negative

• [SONARJAVA-3388] - Rule S2070 should support "org.springframework.util.DigestUtils"
• [SONARJAVA-3538] - S5853 does not handle custom assertions

6.8.0.23379

    Release Notes - SonarJava - Version 6.8

New Feature

• [SONARJAVA-3372] - Rule S5803: Class members annotated with @VisibleForTesting should not be accessed from production code
• [SONARJAVA-3509] - Rule S5958: AssertJ "assertThatThrownBy" should not be used alone
• [SONARJAVA-3511] - Rule S5961: Test methods should not contain too many assertions
• [SONARJAVA-3514] - Rule S5967: Tests method should not be annotated with competing annotations
• [SONARJAVA-3515] - Rule S5960: Assertions should not be used in production code
• [SONARJAVA-3516] - Rule S5969: Mocking all non-private methods of a class should be avoided
• [SONARJAVA-3517] - Rule S5970: Spring's ModelAndViewAssert assertions should be used instead of other assertions
• [SONARJAVA-3522] - Rule S3414: Tests should be kept in a dedicated source directory
• [SONARJAVA-3524] - Rule S5973: Tests should be stable
• [SONARJAVA-3526] - Rule S5976: Similar tests should be grouped in a single Parameterized test
• [SONARJAVA-3527] - Rule S5977: Tests should use fixed data instead of randomized data

Task

• [SONARJAVA-3036] - Update to common-xml-parser version 1.12
• [SONARJAVA-3520] - Add S3577: "Test classes should comply with a naming convention" in Sonar way
• [SONARJAVA-3533] - Update rules metadata

Improvement

• [SONARJAVA-3476] - Improve issue location for S5843
• [SONARJAVA-3481] - Add missing escape sequences to regex parser
• [SONARJAVA-3485] - Change issue type of S899 to Bug
• [SONARJAVA-3492] - S1215 should detect "System.runFinalization()" the same way it detects System.gc()
• [SONARJAVA-3500] - Support latest version of Play framework in S3330 and S2092
• [SONARJAVA-3513] - Improve S5810 to support static and test methods with return values
• [SONARJAVA-3518] - S125: reports issue on whole commented block
• [SONARJAVA-3521] - SuppressWarnings Filter should remove issue of S3740 when "rawTypes" is used
• [SONARJAVA-3523] - Extend S3415 (Arguments order) to support TestNG assertions
• [SONARJAVA-3531] - S2187 should consider methods annotated with "@State" from Pact framework as test methods

False-Positive

• [SONARJAVA-3477] - S1214 should report only when an interface contains only constants
• [SONARJAVA-3498] - FP in S1193 for instance of non-throwable types
• [SONARJAVA-3504] - FP on S1948 for fields having non-serializable interface as type but serializable type as initializer
• [SONARJAVA-3506] - FP in S2275 when second argument of String.format is an array
• [SONARJAVA-3507] - FP in S3012 when copying array of primitives types to a Collection
• [SONARJAVA-3519] - FP on S3878 when the argument before the vararg is also an array
• [SONARJAVA-3528] - FP on S5778 when calling mockito methods
• [SONARJAVA-3530] - FP on S3577 when test class ends with "Tests" or is an abstract class
• [SONARJAVA-3534] - FP S3077(VolatileNonPrimitiveFieldCheck) should consider enum as immutable

False Negative

• [SONARJAVA-3491] - FN S2789 (NullShouldNotBeUsedWithOptionalCheck) on null assignment
• [SONARJAVA-3501] - FN on Unused Imports when using Lombok

6.7.0.23054

Release Notes - SonarJava - Version 6.7

Bug

• [SONARJAVA-3244] - S3065: ClassCastException with implicit type casting
• [SONARJAVA-3311] - SE should correctly handle new class in catch
• [SONARJAVA-3381] - Performance Issue when computing the flow of an expression

Task

• [SONARJAVA-3510] - Update rules metadata
• [SONARJAVA-3512] - Deprecate S4784 in favor of S5852

Improvement

• [SONARJAVA-3026] - S3518 Division by zero on floats and double should not mention ArithmeticException
• [SONARJAVA-3069] - Adapt SE engine to Switch Expressions
• [SONARJAVA-3345] - S3518 (division by zero) should handle BigDecimal and BigInteger
• [SONARJAVA-3484] - Change issue type of S2039 and S2386 to Code Smell
• [SONARJAVA-3493] - Remove ASM dependency
• [SONARJAVA-3494] - Rework S2095 (UnclosedResourceCheck) to remove calls to parent() method

False-Positive

• [SONARJAVA-2060] - FP in S2095 : java.sql.Statement will implicitly close created ResultSets
• [SONARJAVA-3043] - S3655 should not raise an issue when a method doing nothing is called between "isPresent" and "get()"
• [SONARJAVA-3157] - FP on Rule S2637 - issue raised on non-initialized fields
• [SONARJAVA-3186] - SE based rules should not raise when exiting on exception with unknown type
• [SONARJAVA-3187] - S2259 FP on null when called Class.isInstance
• [SONARJAVA-3235] - FP on S3655 when the Optional is a class instance field
• [SONARJAVA-3238] - FP on S1948 when class has multiple bounds in parameter type
• [SONARJAVA-3242] - S5164, S1640: FP when variable is called with qualified name
• [SONARJAVA-3451] - FP in S2095: sessions, producers, and consumers of a closed connection with JMS 2.0.
• [SONARJAVA-3466] - FP S5845(AssertionTypesCheck) AssertJ is able to compare date/time and string
• [SONARJAVA-3495] - FP in S2159 when type compared is Unknown
• [SONARJAVA-3499] - FP on S3749 when using javax.persistence.PersistenceContext
• [SONARJAVA-3508] - FP on S4449 when using Preconditions.checkNotNull(arg) with a @nullable argument

False Negative

• [SONARJAVA-2129] - FN on S2095: java.util.Properties.load(InputStream) should not close the stream passed as parameter
• [SONARJAVA-3447] - FN on S2259 when a method is annotated with spring's annotation @nullable
• [SONARJAVA-3503] - FN on S3052 when the initializer is a cast expression