SonarQube Java 3.12 发布，代码质量管理平台

SonarQube Java 3.12 发布了，Sonar (SonarQube)是一个开源平台，用于管理源代码的质量。Sonar 不只是一个质量数据报告工具，更是代码质量管理平台。支持的语言包括：Java、PHP、C#、C、Cobol、PL/SQL、Flex 等。

9项新规则：

• “enum” fields should not be publicly mutable (bad-practice, security)

• Abstract methods should not be redundant (confusing)

• Child class methods named for parent class methods should be overrides (pitfall)

• Constructors should not be used to instantiate “String” and primitive-wrapper classes (performance) 

• Locale should be used in String operations (cert, unpredictable)

• Raw byte values should not be used in bitwise operations in combination with shifts (bug)

• Resources as defined by user should be closed (denial-of-service, security)

• Sets with elements that are enum values should be replaced with EnumSet (performance)

• String function use should be optimized for single characters (clumsy, performance)

bug修复：

• [SONARJAVA-591] - FP on Anonymous class should be lambda : Apply only on SAM interfaces

• [SONARJAVA-964] - "this" should be registered in interfaces (for "default" methods)

• [SONARJAVA-1155] - S2325 FP when creating non static anonymous inner class accessing members and false negative with method belonging to same hierarchy

• [SONARJAVA-1298] - Semantic: resolve parameterized methods

• [SONARJAVA-1513] - FP on S2160: Classes annotated with lombok's @EqualsAndHashCode should be ignored

• [SONARJAVA-1515] - SE: System.exit call should be a sink in SE/CFG

• [SONARJAVA-1535] - Substitution of Type parameters should be handled correctly when used in combination of wildcards

• [SONARJAVA-1538] - CFG SE : nested statements in try catch end up with wrong CFG

• [SONARJAVA-1543] - Receiver type on inner class constructors

• [SONARJAVA-1550] - FP S2226 when field is annotated with @Inject

• [SONARJAVA-1553] - FP on S2162: final equals methods using instanceof their owner are symmetric

• [SONARJAVA-1554] - FP on S2221: invocation of unknown methods should not raise issue

• [SONARJAVA-1557] - FP on UndocumentedApi: public constructors of non-public classes are not public

• [SONARJAVA-1558] - ArchitecturalConstraints should handle differentiation between wildcards "*" and "**"

• [SONARJAVA-1564] - FP S1948: Field annotated with @Inject are always serializable

• [SONARJAVA-1577] - Type of ".class" expressions should be a parametrized class type instead of the raw type class

• [SONARJAVA-1584] - Prefering method without var args first

• [SONARJAVA-1585] - Absent type in static on demand import causes class cast exception

改进：

• [SONARJAVA-1182] - Provide a more meaningful error message when analysising a semantically incorrect Java source file

• [SONARJAVA-1225] - S1948 should handle collection types properly

• [SONARJAVA-1514] - Invariance of generics not handled correctly

• [SONARJAVA-1520] - S2447 : FP on methods annotated with @CheckForNull

• [SONARJAVA-1528] - FP in S00112 when a method call within body of the method is throwing a generic exception

• [SONARJAVA-1555] - S107 : Ignore methods annotated with Spring '@RequestMapping'

• [SONARJAVA-1568] - FP S2694 Anonymous classes should not be reported

• [SONARJAVA-1570] - Static method check should identify method getClass() as being a non-static reference

• [SONARJAVA-1572] - Classpath construction should not go into wildcard lookup when filename is fully specified

• [SONARJAVA-1573] - S2638 should not raise issue for change of contract compliant with LSP

• [SONARJAVA-1575] - Semantic: Return type of parametrized method wrongly resolved when using arrays

• [SONARJAVA-1579] - Add a parameter to rule template S2253 to ignore matching on parameters

• [SONARJAVA-1583] - Add missing scope for switch statements

• [SONARJAVA-1588] - Better logging of SO errors

• [SONARJAVA-1589] - Semantic: hiding static parametrized methods wrongly resolved

新特性：

• [SONARJAVA-371] - Rule S1449: Locale should be used in String operations

• [SONARJAVA-716] - Rule S1641: Sets with elements that are enum values should be replaced with EnumSet

• [SONARJAVA-848] - Rule S2058: Non-serializable values should not be stored in "Serializable" classes

• [SONARJAVA-1502] - Rule: S3546 rule template for unclosed resource

• [SONARJAVA-1551] - Rule S3034: Raw byte values should not be used in bitwise operations in combination with shifts

• [SONARJAVA-1552] - Rule S2129: Constructors should not be used to instantiate "String" and primitive-wrapper classes

• [SONARJAVA-1560] - Rule S3066: "enum" fields should not be publicly mutable

• [SONARJAVA-1561] - Rule S3027: String function use should be optimized for single characters

• [SONARJAVA-1562] - Rule S2177: Child class methods named for parent class methods should be overrides

任务：

• [SONARJAVA-1486] - Provide a way to verify behavior of checks with no semantic

• [SONARJAVA-1566] - Rename java-squid module to java-frontend

• [SONARJAVA-1567] - SubscriptionBaseVisitor class should be removed

• [SONARJAVA-1586] - SE: Post statement checks are executed twice