SonarQube Java 4.1 发布

SonarQube Java 4.1发布了。Sonar （SonarQube）是一个开源平台，用于管理源代码的质量。Sonar 不只是一个质量数据报告工具，更是代码质量管理平台。支持的语言包括：Java、PHP、C#、C、Cobol、PL/SQL、Flex 等。SonarQube Java 是Sonar的一个插件，用来分析 Java 代码。

该版本提供了七个新的规则：

• Simple class names should be used (Code Smell, confusing)

• Unit tests should throw exceptions (Code Smell, clumsy, tests)

• Value-based objects should not be serialized (Bug, java8, serialization)

• Private fields only used as local variables in methods should become local variables (Code Smell, pitfall)
   JDK 9 中 code smell 的示例：

• “null” should not be used with “Optional” (Bug, java8)
  JDK 9 中的 bug 示例：

• Zero should not be a possible denominator (Bug, cert, cwe, denial-of-service)
  JDK 9 中的 issues 示例：

• Optional value should only be accessed after calling isPresent() (Bug, cwe)
  JDK 9 中的 bug 示例：

更新日志：

Bug

• [SONARJAVA-1775] - Thrown exceptions should be correctly computed on method types

• [SONARJAVA-1780] - Status of Object Constraint is lost on null check

• [SONARJAVA-1797] - AVLTree: fix handling of collisions of hash codes, get rid of integer overflow

False-Positive

• [SONARJAVA-1753] - FP on S2386 for public static final empty arrays

• [SONARJAVA-1757] - FP on S1118: when on a serializable class

改进：

• [SONARJAVA-1422] - Improving try-catch flow of instruction

• [SONARJAVA-1591] - Emulating try-catch with a branch to the exception path at first is incorrect

• [SONARJAVA-1770] - S1172 UnusedParameters FN : if method is annotated with @SuppressWarnings with known suppressions

• [SONARJAVA-1777] - Rule UndocumentedAPI: update default parameter value

• [SONARJAVA-1779] - Put "case" expression into CFG

• [SONARJAVA-1782] - S2068 should detect string constant used in java.net.PasswordAuthentication API

新特性：

• [SONARJAVA-372] - Rule S1450: Private fields used only as local variables in methods should become local variables

• [SONARJAVA-520] - Rule S1942: Simple class names should be used

• [SONARJAVA-1750] - Rule S3658: Unit test should throw exception instead of failing in a catch block

• [SONARJAVA-1758] - Rule S3437: Value-based classes should not be serialized

• [SONARJAVA-1759] - Rule S2789: "null" should not be used with "Optional"

• [SONARJAVA-1760] - Add firstToken() and lastToken() methods to the Tree API

• [SONARJAVA-1762] - Rule S3518: Zero should not be a possible denominator

• [SONARJAVA-1767] - Rule S3655: Optional value should only be accessed after calling isPresent()

Task

• [SONARJAVA-1771] - Deprecate Unused protected methods check

• [SONARJAVA-1774] - Deprecate Architectural Constraint Rule Template

• [SONARJAVA-1784] - Deprecate getMethodComplexityNodes in JavaFileScannerContext

• [SONARJAVA-1790] - Update rule descriptions to RSPECs

• [SONARJAVA-1799] - Upgrade to OSS parent pom 36

详情：http://www.sonarsource.com/2016/08/04/sonarqube-java-4-1-released/