fix(deps): update dependency org.sonarsource.java:sonar-java-plugin to v7

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.sonarsource.java:sonar-java-plugin (source)	5.14.0.18788 -> 7.27.1.33504

---

Release Notes

SonarSource/sonar-java (org.sonarsource.java:sonar-java-plugin)

v7.27.1.33504

Compare Source

Release notes - SonarJava - 7.27.1

Task

SONARJAVA-4664 Disable deployment of java-checks-test-sources artifacts to repox

v7.24.0.32100

Compare Source

Release notes - SonarJava - 7.24

Documentation

SONARJAVA-4463 Add significant example to S2589

SONARJAVA-4495 LayC: review and update as appropriate SonarWay rules

SONARJAVA-4578 LaYC: review and update as appropriate SonarWay rules (loops and iterators)

False-Positive

SONARJAVA-4478 FP for S1948 on annotation "javax.annotation.Resource"

SONARJAVA-4563 S1258: Add "lombok.Builder" to excluded annotations list

False Negative

SONARJAVA-4503 FN on rule S2140 on random floating point numbers cast to long

Task

SONARJAVA-4585 Update rules metadata

Improvement

SONARJAVA-4509 S2438: Provide an actionable issue message

SONARJAVA-4559 Provide a list of impacted files when displaying DEBUG log of unresolved imports/types

SONARJAVA-4574 Issue message of S106 can be more precise and do not need the `or` section

v7.23.0.32023

Compare Source

Release notes - SonarJava - 7.23

Bug

SONARJAVA-4477 S1125 quickfix breaking compilation with instanceof

False-Positive

SONARJAVA-1186 Indentation Check (S1120): Block in case of switch statements are not taken into account

SONARJAVA-4007 FP in S1120 with switch expressions

SONARJAVA-4401 FP on Rule S1120 (indentation checking) regarding switch blocks

SONARJAVA-4411 FP S1075 Regex or Pattern are not hardcoded URI

SONARJAVA-4519 FP on S100 when using OSGI annotation `AttributeDefinition`

SONARJAVA-4527 S6204 Collections.reverse(List) is not considered a modification

SONARJAVA-4530 FP on S110 for javafx package

Task

SONARJAVA-4569 Update rules metadata

Improvement

SONARJAVA-4467 Remove deprecation S2039 for Java

SONARJAVA-4528 Lower log level for error messages in ContentHashCache

SONARJAVA-4551 [S3749] Update issue type from vulnerability to code-smell

SONARJAVA-4556 Add a language to the PMD Sensor descriptor

SONARJAVA-4557 Add missing dependencies to Writing Custom Java Rules 101

v7.22.0.31918

Compare Source

Release notes - SonarJava - 7.22

Documentation

SONARJAVA-4490, SONARJAVA-4493, SONARJAVA-4494, SONARJAVA-4496 New Learn as You Code rule descriptions

SONARJAVA-4514 Update Custom rules documentation regarding SQ LTS

False-Positive

SONARJAVA-4180 S6103 should not raise issues on invocations of methods declared outside the file

SONARJAVA-4516 FP on S5411 when non-nullable object is cast to "Boolean"

Task

SONARJAVA-4444 Upgrade sonar-plugin-api to 9.14.0.375 or greater

SONARJAVA-4555 Update rules metadata

v7.21.0.31796

Compare Source

Release notes - SonarJava - 7.21

Documentation

SONARJAVA-4482 LayC: review and update as appropriate SonarWay rules (1 of 15)

SONARJAVA-4483 LayC: review and update as appropriate SonarWay rules (2 of 15)

SONARJAVA-4484 LayC: review and update as appropriate SonarWay rules (3 of 15)

SONARJAVA-4485 LayC: review and update as appropriate SonarWay rules (4 of 15)

SONARJAVA-4486 LayC: review and update as appropriate SonarWay rules (5.1 of 15)

SONARJAVA-4487 LayC: review and update as appropriate SonarWay rules (6 of 15)

SONARJAVA-4488 LayC: review and update as appropriate SonarWay rules (7 of 15)

SONARJAVA-4489 LayC: review and update as appropriate SonarWay rules (8.1 of 15)

SONARJAVA-4491 LayC: review and update as appropriate SonarWay rules (10 of 15)

SONARJAVA-4492 LayC: review and update as appropriate SonarWay rules (11 of 15)

SONARJAVA-4506 Rule S1291 (NoSonar) metadata are not up to date and do not follow LayC format

SONARJAVA-4524 Update rules metadata

False-Positive

SONARJAVA-4107 Rule S100 - Underscore in method is acceptable when using SpringData

SONARJAVA-4476 FP for S2629 on record getter methods

SONARJAVA-4497 FP on S2142 when using union types and rethrowing

SONARJAVA-4501 FP on S1149 when overriding a method and using same symbols of the signature within method body

Task

SONARJAVA-4445 Upgrade sonarlint-plugin-api to version 8.15.0.65216 or greater

Improvement

SONARJAVA-4518 Introduce a new Spring Issue Filter to filter out spring-specific cases

v7.20.0.31692

Compare Source

Release notes - SonarJava - 7.20

Bug

SONARJAVA-4233 Constants accessed with member-select create different SV every time when placed in loops

SONARJAVA-4420 S3518 crashes with IndexOutOfBoundsException for certain inputs

False Negative

SONARJAVA-2126 Unboxing of NULL primitive wrapper raises NPE and should be detected by S2259 (NullDereferenceCheck)

SONARJAVA-4475 FN on S2589 when a constant is outside method scope

Task

SONARJAVA-4498 Upgrade sonar-analyzer-commons 2.5.0.1358

SONARJAVA-4499 Update rules metadata

Improvement

SONARJAVA-4097 Stop method SE at the first unknown method call symbol in Autoscan context

SONARJAVA-4286 Support "ZERO" constraints in (hardcoded) method behaviors

SONARJAVA-4423 Symbolic execution rules metadata should be tagged with "symbolic execution"

SONARJAVA-4442 S3518 DivisionByZeroCheck reports misleading secondary locations

v7.19.0.31550

Compare Source

Release notes - SonarJava - 7.19

Breaking change: If you are using Java 19+ preview features, now SonarJava does not enable them automatically, you need to set sonar.java.enablePreview=true explicitly.

False Negative

SONARJAVA-4443 Rule S6437: Add jjwt support

New Feature

SONARJAVA-4369 S6485: Hash-based collections with known capacity should be initialized with the proper related static method

SONARJAVA-4464 Add a new "sonar.java.enablePreview" analysis parameter, disabled by default

Task

SONARJAVA-4468 Update rule metadata

Improvement

SONARJAVA-4378 Update ECJ to 3.33.0

v7.18.0.31443

Compare Source

Release notes - SonarJava - 7.18

Bug

SONARJAVA-4396 The Java analyzer distinguishes between changed and unchanged in files in PR context

New Feature

SONARJAVA-4433 S6539: Class depends on an excessive number of classes

SONARJAVA-4434 S6541: Methods should not perform too many tasks (Brain method)

SONARJAVA-4440 S6548: Identify Singleton Design Patterns

Task

SONARJAVA-4455 Update Rules Metadata

Improvement

SONARJAVA-4277 Fix S1142 message wording and secondaries

v7.17.0.31219

Compare Source

Release notes - SonarJava - 7.17

Bug

SONARJAVA-4402 Unit tests fail on any non English language OS

SONARJAVA-4418 S1068 dirty state in UnusedPrivateFieldCheck throws IllegalArgumentException repetitively

False-Positive

SONARJAVA-3995 FP S3400 when method can be overridden

SONARJAVA-4244 S3400 should report on boolean types

SONARJAVA-4254 FP S4684 when @​Entity are not converter from json automatically

SONARJAVA-4327 FP on S3937 when binary numbers

SONARJAVA-4328 FP on S2142 when `InterruptedException` is rethrown

SONARJAVA-4393 FP on S1105 due to Record conversion in JParser

SONARJAVA-4403 S3553 FP on overridden methods

SONARJAVA-4405 FP on S101 when classes extends java.util.ResourceBundle

SONARJAVA-4406 FP on S2142 when the InterruptedException is caught in an inner try-catch

Task

SONARJAVA-4394 Rule S1849: Refactor HasNextCallingNext rule to not use non-static inner class

SONARJAVA-4395 Rule S1114: In ObjectFinalizeOverridenCallsSuperFinalizeCheck lastStatementTree field is not always cleaned

SONARJAVA-4416 Update rules metadata

Improvement

SONARJAVA-3920 Add quick fixes for S5810 (JUnit5SilentlyIgnoreClassAndMethodCheck)

SONARJAVA-3924 Add quick fixes for S2129 (StringPrimitiveConstructorCheck)

SONARJAVA-3938 Add quick fixes for S4719 (StandardCharsetsConstantsCheck)

SONARJAVA-3959 Add quick fixes for S1656 (SelfAssignementCheck)

SONARJAVA-4185 Rules should not report FP when methods have an unknown parameter type

SONARJAVA-4187 S3329 should not report FP when the semantic is incomplete

SONARJAVA-4311 Add quick fixes for S1217 (ThreadRunCheck)

SONARJAVA-4314 Add quick fixes for S1450 (PrivateFieldUsedLocallyCheck)

SONARJAVA-4315 Add quick fixes for S1066 (CollapsibleIfCandidateCheck)

SONARJAVA-4317 Add quick fixes for S2147 (CombineCatchCheck)

SONARJAVA-4319 Add quick fixes for S2116 (ArrayHashCodeAndToStringCheck)

SONARJAVA-4321 Add quick fixes for S2225 (ToStringReturningNullCheck)

SONARJAVA-4350 Improve the suggested quick fix for S1068 when there are some writes to the variable

SONARJAVA-4352 Add quick fixes for S1132 (StringLiteralInsideEqualsCheck)

v7.16.1.31255

Compare Source

Release notes - SonarJava - 7.16.1

Bug

SONARJAVA-4396 The Java analyzer distinguishes between changed and unchanged in files in PR context

v7.16.0.30901

Compare Source

Release notes - SonarJava - 7.16

Bug

SONARJAVA-4127 UnsupportedOperationException when computing the signature of a MethodSymbol

SONARJAVA-4279 S1612 should not report an issue with incomplete semantics

SONARJAVA-4356 Several regular expressions are inefficient

SONARJAVA-4370 Memory leak in rule S5852 RedosCheck because regexCreations field is never cleaned

SONARJAVA-4371 Memory leak in multiple symbolic execution-based rules

SONARJAVA-4386 Members of RECORD tree are not ordered

SONARJAVA-4390 NPE in ECJ should be catched by JType.isSubtype(...)

SONARJAVA-4391 NPE in LombokFilter

SONARJAVA-4392 NPE in DivisionByZeroCheck

Documentation

SONARJAVA-4345 Update rules metadata

SONARJAVA-4374 S5411: Improve rule message, title, and description

SONARJAVA-4381 S1135: Update metadata to be explicit about main code only scope

False-Positive

SONARJAVA-4098 FP S1612 method reference should not be suggested when replacement is longer that actual code

SONARJAVA-4255 FP S1185(MethodOnlyCallsSuperCheck) with different modifiers

SONARJAVA-4281 Rule S1313: Exclude local IPv4-mapped IPv6 address

SONARJAVA-4292 Rule S1313: Exclude reserved documentation IP ranges

SONARJAVA-4329 FP on rule S1612 when replacing lambda on Integer conversion to String

SONARJAVA-4331 S1213 should not raise issues on static fields placed at the top of records

SONARJAVA-4343 FP on S2699 (Missing assertions in tests) with latest versions of AssertJ (>3.19) and newly added assertions

SONARJAVA-4347 FP in S1144 When annotated parameters are present

SONARJAVA-4353 S131 FP on switch that covers all enum constants

SONARJAVA-4354 S2259 FP on Springframework 5 annotations

SONARJAVA-4363 FP on S2272 when the next/previous() method calls another one which itself throw the NoSuchElementException

SONARJAVA-4365 S5786 should not report issues on classes defining publicly visible constants

SONARJAVA-4372 FP in rule S6204 when Collections.shuffle() is used as a mutator

SONARJAVA-4382 S1191 should not raise issues on imports from `com.sun.*` packages

New Feature

SONARJAVA-4266 Rule S6432: Counter Mode initialization vectors should not be reused

False Negative

SONARJAVA-4250 FN in S2692 when the number is coming from a constant

SONARJAVA-4283 S5838 does not handle primitive type inequality operators correctly

Improvement

SONARJAVA-4265 Improve the rule message of S1120

SONARJAVA-4268 Rule S5542: Detect CBC mode when used with padding

SONARJAVA-4269 S1711 should clean up type names replacing dollar signs with periods

SONARJAVA-4351 Update S5411 documentation with SONARJAVA-3570 exceptions

SONARJAVA-4384 Replace method `symbol()` on `MethodInvocationTree` and `NewClassTree` with `methodSymbol()` in public API

v7.15.0.30507

Compare Source

Release notes - SonarJava - Version 7.15

Bug

SONARJAVA-4342 Nullness annotation on interface methods should be inherited in implementation methods

SONARJAVA-4341 IndexOutOfBoundsException when trying to access symbols of declared parameters of Compact constructor

SONARJAVA-4338 S1186: Inconsistent exceptions in documentation and implementation

SONARJAVA-4176 NPE in JSymbol.typeOwner

SONARJAVA-3529 S3958: Incorrect location in case of certain exceptional paths

Documentation

SONARJAVA-4333 Update sonar.java.jdkHome documentation

False Negative

SONARJAVA-4251 FN S2252(ForLoopFalseConditionCheck) does not support constants

False-Positive

SONARJAVA-4344 FP S3878 when the vararg has an array type

SONARJAVA-4336 S2384, 2386 should support methods from Guava returning immutable collections

SONARJAVA-4282 Exclude "com.sun.xml.ws" package from S1191 by default

SONARJAVA-4252 S2384, S2386 should support immutable collection creation from stream

SONARJAVA-4241 S1125: erroneous quick fix suggestion when negating a binary operation

SONARJAVA-4196 S5860 should cover methods start() and end() of 'java.util.regex.Matcher'

SONARJAVA-4072 FP S107 with Spring and micronaut annotations

SONARJAVA-4024 FP in S6019 because of RegexTreeHelper.isAnchoredAtEnd

SONARJAVA-3900 FP S3242(LeastSpecificTypeCheck) for functional interfaces

SONARJAVA-3896 FP S3329 should not raise when the IV is not defined

SONARJAVA-3890 S5996 should not raise an issue if $ is followed by a line break character

SONARJAVA-3668 FP on S1186: method annotated @Pointcut from AspectJ are often expected to be empty

Improvement

SONARJAVA-4335 S3776 should Ignore equals() and hashCode() methods similarly to S1541

SONARJAVA-4325 Change message suggestion for S3878 when method argument type is not Object

SONARJAVA-4257 Fix typo in S4605 message

New Feature

SONARJAVA-4349 Expose ClasspathForMain.getBinaryDirs() in public API

SONARJAVA-4348 Expose test classpath and binaries in the public API

Task

SONARJAVA-4346 Update rules metadata

SONARJAVA-4264 Remove deprecated common-java:DuplicatedBlocks rule from Sonar Way

v7.14.0.30229

Compare Source

Release notes - SonarJava - Version 7.14

False-Positive

SONARJAVA-4330 Rule S2272: FP on method calls that are not next()

SONARJAVA-4242 SE should handle "booleanValue()" from Boolean wrapper

SONARJAVA-4174 S2259 should not raise an issue when a null variable is passed to Optional.ofNullable

SONARJAVA-4131 Add support of org.springframework.util.StringUtils#isEmpty

Improvement

SONARJAVA-4288 Update Analyzer Commons to 1.27: changes in Regex check and resources loading

SONARJAVA-4220 Update ECJ to 3.30.0

SONARJAVA-3891 Add support of org.apache.commons.lang3.ArrayUtils methods

New Feature

SONARJAVA-4284 Rules support PCI DSS Security Standard

SONARJAVA-4278 Rule S2068: Remove method checks

SONARJAVA-4275 Rule S6437: Credentials should not be hard-coded

Task

SONARJAVA-4332 Update rules metadata

v7.13.0.29990

Compare Source

Release Notes - SonarJava - Version 7.13

New Feature

• [SONARJAVA-4133] - Rule S6241 Region should be set explicitly when creating a new AwsClient
• [SONARJAVA-4134] - Rule S6242 Credentials Provider should be set explicitly when creating a new "AwsClient"
• [SONARJAVA-4135] - Rule S6243 Reusable resources should be initialized at construction time of Lambda functions
• [SONARJAVA-4136] - Rule S6244 Consumer Builders should be used
• [SONARJAVA-4137] - Rule S6246 Lambdas should not invoke other lambdas synchronously
• [SONARJAVA-4138] - Rule S6262 AWS region should not be set with a hardcoded String
• [SONARJAVA-4139] - Rule S6263 Using Long-term access keys are security-sensitive

Task

• [SONARJAVA-4270] - Add performance timers on the cache-aware analysis paths
• [SONARJAVA-4280] - Update rules metadata

Improvement

• [SONARJAVA-4271] - Do not attempt to scan without parsing in a context where files cannot be skipped
• [SONARJAVA-4276] - Message of S4968 should end with a full stop

v7.12.1.29810: 7.12.1.29810

Compare Source

Release Notes - SonarJava - Version 7.12.1

Bug

• [SONARJAVA-4267] - The Java analyzer crashes when running incremental analysis on generated files

False-Positive

• [SONARJAVA-4243] - FP in S6205 when the content of the block is not an expression

v7.12.0.29739

Compare Source

Release Notes - SonarJava - Version 7.12

Bug

• [SONARJAVA-4231] - NPE in JType.normalize

New Feature

• [SONARJAVA-2940] - Rule S4968: The upper bound of wildcard parameterized types should not be "final"
• [SONARJAVA-4149] - Rule S6326: Regular expressions should not contain multiple spaces
• [SONARJAVA-4150] - Rule S6396: Superfluous curly brace quantifiers should be avoided
• [SONARJAVA-4151] - Rule S6353: Regular expression quantifiers and character classes should be used concisely
• [SONARJAVA-4152] - Rule S6397: Character classes in regular expressions should not contain only one character
• [SONARJAVA-4154] - Rule S6331: Regular expressions should not contain empty groups
• [SONARJAVA-4170] - Rule S6395: Non-capturing groups without quantifier should not be used
• [SONARJAVA-4173] - Rule S6411 Types used as keys in Maps should implement Comparable
• [SONARJAVA-4209] - Introduce caching capabilities for Java rules
• [SONARJAVA-4222] - Rule S6418: Hard-coded secrets are security-sensitive
• [SONARJAVA-4223] - S5693: Remove requirement to re-parse files on each PR analysis
• [SONARJAVA-4224] - S4605: Remove requirement to re-parse files on each PR analysis
• [SONARJAVA-4225] - S1228: Remove requirement to re-parse files on each PR analysis
• [SONARJAVA-4226] - S4032: Remove requirement to re-parse files on each PR analysis

Task

• [SONARJAVA-4214] - Compiler flag "enablePreviewFeatures" should be enable for java version >= maximum supported version
• [SONARJAVA-4218] - Stop ignoring S2789 unit test related to javax.annotation.meta.When.NEVER
• [SONARJAVA-4236] - Rely on released version of Analyzer Commons
• [SONARJAVA-4245] - Extract ModuleScannerContext out InputFileScannerContext
• [SONARJAVA-4246] - Expose the EndOfAnalysis interface as part of the plugin API
• [SONARJAVA-4248] - Inroduce the notion of a module key that can be utilized by checks
• [SONARJAVA-4249] - Rely on Analyzer Commons for regex helper classes
• [SONARJAVA-4253] - Update rules metadata

Improvement

• [SONARJAVA-3838] - Add support for TimeUnit.sleep() in S2925
• [SONARJAVA-4153] - Refactor S5842 using sonar-analyzer-commons
• [SONARJAVA-4155] - Refactor S5843 using sonar-analyzer-commons
• [SONARJAVA-4156] - Refactor S5850 using sonar-analyzer-commons
• [SONARJAVA-4157] - Refactor S5855 using sonar-analyzer-commons
• [SONARJAVA-4158] - Refactor S5857 using sonar-analyzer-commons
• [SONARJAVA-4159] - Refactor S5867 using sonar-analyzer-commons
• [SONARJAVA-4160] - Refactor S5868 using sonar-analyzer-commons
• [SONARJAVA-4161] - Refactor S5869 using sonar-analyzer-commons
• [SONARJAVA-4162] - Refactor S5994 using sonar-analyzer-commons
• [SONARJAVA-4163] - Refactor S5996 using sonar-analyzer-commons
• [SONARJAVA-4164] - Refactor S6001 using sonar-analyzer-commons
• [SONARJAVA-4165] - Refactor S6002 using sonar-analyzer-commons
• [SONARJAVA-4166] - Refactor S6019 using sonar-analyzer-commons
• [SONARJAVA-4167] - Refactor S6035 using sonar-analyzer-commons
• [SONARJAVA-4188] - S4423 should not report an issue when the version is not set
• [SONARJAVA-4215] - S1943 (default system encoding) should not report an issue for Java >= 18
• [SONARJAVA-4217] - Merge S1158 and S2131
• [SONARJAVA-4228] - S6377: update the issue message
• [SONARJAVA-4230] - Allow client-side disabling of caching
• [SONARJAVA-4234] - Allow caching to be disabled (or enabled) by an overriding analyzer flag
• [SONARJAVA-4235] - Improve SonarJava caching API
• [SONARJAVA-4240] - S5693 stores a single cache entry per file

False-Positive

• [SONARJAVA-4172] - S6206 should not report on non-final classes
• [SONARJAVA-4204] - FP on S1221 when a method is overridden
• [SONARJAVA-4219] - S1121 should not report an issue for assignment in Java 14 switch
• [SONARJAVA-4221] - S6073 should support MockitoHamcrest adapter
• [SONARJAVA-4227] - FP in S2068 and S6418: Secrets and Password should be correctly isolated in string literals
• [SONARJAVA-4229] - FP S6418: Use frequency of character pairs to distinguish randomness
• [SONARJAVA-4232] - S3398 : FP when reaching outer method from another instance

False Negative

• [SONARJAVA-4206] - FN on S3012 in case of do-while loop

v7.11.0.29148

Compare Source

Release Notes - SonarJava - Version 7.11

Task

• [SONARJAVA-4216] - Enable preview features flag for Java 18

v7.10.0.29108

Compare Source

Release Notes - SonarJava - Version 7.10

Bug

• [SONARJAVA-3693] - Allow to exclude generated "*_jsp.java" files from analysis
• [SONARJAVA-4194] - Rule S1155 crash with stackoverflow when encountering large numbers of chained BinaryExpressionTrees
• [SONARJAVA-4207] - JAR files passed to sonar.java.libraries should be unlocked when not needed anymore in Batch mode

New Feature

• [SONARJAVA-4183] - Incremental PR analysis: Skip rules that don&#​39;t need to be run on unchanged files
• [SONARJAVA-4199] - Enable batch mode by default

Task

• [SONARJAVA-4197] - Fallback to file by file mode when a batch fails to parse
• [SONARJAVA-4200] - Document incremental analysis
• [SONARJAVA-4202] - Rules Sanity Test should include test files of compiler test sources
• [SONARJAVA-4210] - Update rules metadata

Improvement

• [SONARJAVA-4179] - Logging of undefined types and missing libraries should be relevant in batch mode
• [SONARJAVA-4198] - JSP files should be correctly analyzed in batch mode

False-Positive

• [SONARJAVA-4094] - S1105: FP when using java 16 records and java 17 sealed classes&#​39; permitted types
• [SONARJAVA-4193] - FP on S3329 in case of simple assigments of the IV

v7.9.0.28969

Compare Source

Release Notes - SonarJava - Version 7.9

New Feature

• [SONARJAVA-4177] - Provide OWASP Top 10 2021 security standards for rules metadata
• [SONARJAVA-4181] - Introduce rule selection for AutoScan

Task

• [SONARJAVA-3707] - Deprecate S2658 in favor of S6173
• [SONARJAVA-4145] - Update rules metadata

Improvement

• [SONARJAVA-4186] - Rules testing subtypes should correctly handle incomplete semantic

False-Positive

• [SONARJAVA-4184] - FPs on S112 when the body of a method has unresolved methods or if a called constructor declare raw exceptions
• [SONARJAVA-4189] - FP in S3985 when all the usages of a class are not resolved
• [SONARJAVA-4191] - S4838 should not report false positives when the semantic is incomplete
• [SONARJAVA-4192] - S3077 should not report an issue when the type is unknown

v7.8.1.28740

Compare Source

Release Notes - SonarJava - Version 7.8.1

Bug

• [SONARJAVA-4148] - Duplicated "Using ECJ batch to parse source files" logs

Improvement

• [SONARJAVA-3893] - Update S128 documentation to mention fallthrough exception

False-Positive

• [SONARJAVA-3887] - Rule S5808 should not raise when an exception is thrown
• [SONARJAVA-4144] - S2699 and S6103 should not report an issue in case of incomplete semantic
• [SONARJAVA-4146] - FP in batch mode caused by missing annotations on dependent generic classes

v7.8.0.28662

Compare Source

Release Notes - SonarJava - Version 7.8

Bug

• [SONARJAVA-4128] - Record components of local records should not have the method as owner
• [SONARJAVA-4129] - NPE in S1450 when private field is used in a record

Task

• [SONARJAVA-4141] - Update rules metadata

Improvement

• [SONARJAVA-4059] - Rule S6373 XML parsers should not allow inclusion of arbitrary files
• [SONARJAVA-4062] - Rule S6374 XML parsers should not load external schemas
• [SONARJAVA-4065] - Rule S6376 XML parsers should not be vulnerable to Denial of Service attacks
• [SONARJAVA-4067] - Rule S6377 XML signatures should be validated securely

False-Positive

• [SONARJAVA-3839] - FP in S6212 when a method has parameterized return types
• [SONARJAVA-3842] - FP in S2755 when vulnerability is mitigated in another class
• [SONARJAVA-3899] - FP on S2755 when XML DocumentBuilderFactory is initialized inside initialized block
• [SONARJAVA-4008] - Rule S2755 should accept setExpandEntityReferences solution for openJDK >= 13

v7.7.0.28547

Compare Source

Release Notes - SonarJava - Version 7.7

Bug

• [SONARJAVA-4010] - NPE in JSymbol.hashCode()
• [SONARJAVA-4023] - The Java analyzer should populate the classpath with all the JARs provided by the SDK

New Feature

• [SONARJAVA-3770] - Implement rule S6217: Omit permitted types when subclasses are in the same file as their superclass

Task

• [SONARJAVA-3863] - Drop deprecated method "MethodSymbol.overriddenSymbol()"
• [SONARJAVA-4124] - Update license headers for 2022
• [SONARJAVA-4125] - Update rules metadata

Improvement

• [SONARJAVA-4057] - Do not generate FP when rules don&#​39;t have semantic
• [SONARJAVA-4086] - Preview feature problems should not be logged under unresolved types
• [SONARJAVA-4101] - Update ECJ to 3.28.0
• [SONARJAVA-4103] - Rules S1905 - Highlight also the parenthesis of the reported issue
• [SONARJAVA-4104] - Rule S1197 Highlight the variable additionally to the []
• [SONARJAVA-4114] - Support classpath entries with comma
• [SONARJAVA-4115] - Custom rules plugin examples should shade dependencies and use latest packaging module
• [SONARJAVA-4118] - Introduce Java 17&#​39;s Sealed Classes as final feature
• [SONARJAVA-4119] - Correctly parse Pattern-matching for switch from Java 17
• [SONARJAVA-4120] - Logs about preview features should not suggest "-enable-preview"

False-Positive

• [SONARJAVA-4060] - FP in S3252 when owner type is unknown
• [SONARJAVA-4070] - S1874(CallToDeprecatedMethodCheck) should ignore incomplete method signature
• [SONARJAVA-4074] - S5845: FP when using lombok.val
• [SONARJAVA-4090] - FP in S6206 when the constructor and the class have not the same visibility
• [SONARJAVA-4100] - Abstract classes should be excluded from S5790
• [SONARJAVA-4102] - S6204 should not raise an issue when removeIf is called on the list
• [SONARJAVA-4116] - Remove rule S2912 (IndexOfStartPositionCheck)
• [SONARJAVA-4117] - Support "@​SuperBuilder" from Lombok
• [SONARJAVA-4122] - S3329 should not raise an issue for Cipher.DECRYPT_MODE
• [SONARJAVA-4123] - FP on S2384: Collections.emptyList() should be considered as immutable.

Documentation

• [SONARJAVA-4066] - Update custom rules 101 metadata documentation and template

False Negative

• [SONARJAVA-4055] - S4544 should raise on Interface in addition to Class
• [SONARJAVA-4058] - S5838 should support subtypes of Collections
• [SONARJAVA-4063] - FN in S3688 (disallowed classes) in case of Reflection
• [SONARJAVA-4108] - FN in S2189 : infinite do/while loops should be reported
• [SONARJAVA-4111] - FN on S1862 when equality parameters are inverted

v7.6.0.28201

Compare Source

Release Notes - SonarJava - Version 7.6

Bug

• [SONARJAVA-4020] - S5869(DuplicatesInCharacterClassCheck): Fix false-negative and crash on regex spanning low and upper case ranges

Task

• [SONARJAVA-3987] - Move all rules targeting XML from SonarJava to SonarQube XML Analyzer
• [SONARJAVA-3988] - Drop XmlFileSensor from Java Analyzer
• [SONARJAVA-4087] - Advertise minimal required JRE version
• [SONARJAVA-4088] - Update rules metadata

Improvement

• [SONARJAVA-4069] - Improve Nullability annotations support in S2638 (ChangeMethodContractCheck)
• [SONARJAVA-4078] - Improve Nullability annotations support in S2789 (NullShouldNotBeUsedWithOptionalCheck)
• [SONARJAVA-4079] - Improve Nullability annotations support in S4682 (PrimitivesMarkedNullableCheck)
• [SONARJAVA-4080] - Improve Nullability annotations support in S2637 (NonNullSetToNullCheck)
• [SONARJAVA-4081] - Improve Nullability annotations support in S4454 (EqualsParametersMarkedNonNullCheck)
• [SONARJAVA-4082] - Improve Nullability annotations support in S2447 (BooleanMethodReturnCheck)
• [SONARJAVA-4083] - Improve Nullability annotations support in S1168 (ReturnEmptyArrayNotNullCheck)
• [SONARJAVA-4084] - Improve Nullability annotations support in S4449 (ParameterNullnessCheck)
• [SONARJAVA-4085] - Improve Nullability annotations support in S2259 (NullDereferenceCheck)
• [SONARJAVA-4089] - Improve Nullability annotations support in Exploded graph walker
• [SONARJAVA-4091] - Use of Java 17 feature should not lead to a warning message

v7.5.0.28054

Compare Source

Release Notes - SonarJava - Version 7.5

Bug

• [SONARJAVA-4068] - S2118-S2441: Fix StackOverflowError raised for self assigned variables

Task

• [SONARJAVA-4052] - Provide quick fix availability to SQ
• [SONARJAVA-4075] - Update rules metadata

Improvement

• [SONARJAVA-4048] - Update ECJ to 3.27.0 and require Java 11

False-Positive

• [SONARJAVA-4047] - S2699: Fix FP with "andExpectAll" introduced in recent version of Spring Test
• [SONARJAVA-4064] - S2055: Fix FP when the semantic is incomplete
• [SONARJAVA-4073] - S3751 should accept protected and package scope modifiers

v7.4.0.27839

Compare Source

Release Notes - SonarJava - Version 7.4

Bug

• [SONARJAVA-4021] - Wrong message in S1128 with unused imports from a sub-package

New Feature

• [

  ---

  • If you want to rebase/retry this PR, check this box

  ---

  This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 7.x releases. But if you manually upgrade to 7.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.