Hello all,
we would like to release version 4.6 of the SonarJava analyzer.
This version brings important improvements to three rules based on the symbolic execution engine, which are now able to detect situations where invoking a method with particular arguments would lead to an unchecked exception being raised at runtime. The improved rules are "Null pointers should not be dereferenced" (squid:S2259), "Zero should not be a possible denominator" (squid:S3518) and "Optional value should only be accessed after calling isPresent()" (squid:S3655).
Significant effort was spent on hardening the symbolic execution engine, which results in more precise reporting of raised issues and better rule accuracy overall.
Version 4.6 also brings:
- fixed false positives in rules S1850 (instanceof), S2068 (hard-coded passwords) and S1185 (overriding methods)
- numerous smaller bug fixes and improvements
The release notes can be found on JIRA.
Please give this release candidate a try! As usual, any feedback is highly appreciated.
The feedback period is open until Tuesday, February 28th.
Best regards