SonarJava v6.9.0.23563 Release Notes

Release Date: 2020-10-05 // about 1 year ago
  •     Release Notes - SonarJava - Version 6.9.0.23563
    

    🐛 Bug

    • [SONARJAVA-3285] - Java 13/14 preview feature "Text Block" produce highlighting IllegalArgumentException
    • 0️⃣ [SONARJAVA-3541] - NPE in Symbolic Execution engine when dealing with java 14 switch expressions without default

    🆕 New Feature

    • 🔒 [SONARJAVA-3374] - Rule S5804 allowing user enumeration is security-sensitive
    • [SONARJAVA-3396] - Rule S5808 Authorizations should be based on strong decisions
    • [SONARJAVA-3411] - Rule S5876 A new session should be created during user authentication
    • [SONARJAVA-3542] - RSPEC-5993 Constructors of an "abstract" class should not be declared "public"

    Task

    👌 Improvement

    • 🔒 [SONARJAVA-3376] - Rule S3752: from Vulnerability to Security Hotspot and small improvements on the detection algorithm
    • [SONARJAVA-3414] - Rule S4790: its content should be replaced by S2070
    • [SONARJAVA-3472] - Document wildcards pattern in rule's parameters (S110, S1176)
    • 👍 [SONARJAVA-3478] - S2201: Support common Collection and Map methods
    • 👍 [SONARJAVA-3525] - S2333 supports redundant modifiers on nested interfaces and classes
    • 👍 [SONARJAVA-3536] - Consistently support Nullable/CheckForNull/Nonnull annotations in rules
    • [SONARJAVA-3539] - FP in S5845 when BigDecimal and BigInteger are compared with string

    False-Positive

    False Negative

    • 👍 [SONARJAVA-3388] - Rule S2070 should support "org.springframework.util.DigestUtils"
    • [SONARJAVA-3538] - S5853 does not handle custom assertions