[RFF] SonarJava 4.6
59 views
Skip to first unread message
Tibor Blenessy
Feb 24, 2017, 12:17:40 PM2/24/17
to SonarQube, Nicolas Peru, Michael Gumowski, Tibor Blénessy
Hello all,
we would like to release version 4.6 of the SonarJava analyzer.
This version brings important improvement to three rules based on the symbolic execution engine, which are now able to detect situation, where invocation of method with particular arguments would lead to an unchecked exception being raised at runtime. The improved rules are "Null pointers should not be dereferenced" (squid:S2259), "Zero should not be a possible denominator" (squid:S3518) and "Optional value should only be accessed after calling isPresent()" (squid:S3655).
Significant effort was spent on hardening of symbolic execution engine, which results in more precise reporting on raised issues and better rule accuracy overall.
Version 4.6 also brings:
- fixed false positives in rules S1850 (instanceof), S2068 (hard-coded passwords) and S1185 (overriding methods)
- numerous smaller bug fixes and improvements
The release notes can be found on JIRA .
Download the RC: 4.6-RC1 .
Please give a try to this release candidate! As usual, any feedback is highly appreciated.
The feedback period is open until Tuesday, February 28th.
Best regards
--
Tibor BLENESSY | SonarSource
SonarJava Developer
Michael Gumowski
Feb 27, 2017, 12:24:19 PM2/27/17
to Tibor Blenessy, SonarQube, Nicolas Peru, Tibor Blénessy
Hey all,
We solved SONARJAVA-2140 which was causing a ClassCastException during analysis, and fixed the order of flow messages when raising issues caused by method invocation (was inverted). Consequently, we would like to provide a new RC2 for testing.
Please download the new RC2 here: 4.6-RC2
Cheers,
Michael
--
Tibor Blenessy
Feb 28, 2017, 10:56:48 AM2/28/17
to SonarQube, Nicolas Peru, Michael Gumowski, Tibor Blenessy
Hello,
RFF period is now over and release is imminent.
Best regards
Tibor
Reply all
Reply to author
Forward
0 new messages