SonarSource is pleased to announce the release of the Java plugin version 3.9.
With this version, most of the false positives reported by the community on the powerful rules below, which are in charge of detecting tricky bugs, have been fixed. These rules rely on a symbolic execution engine that simulates the execution of all possible paths in the code:
- Null pointers should not be dereferenced (bug, cert, cwe, owasp-a1, owasp-a2, owasp-a6, security)
- Resources should be closed (bug, cert, cwe, denial-of-service, leak, security)
- Conditions should not unconditionally evaluate to ‘true’ or ‘false’ (bug, cwe, misra)
Moreover, the Java plugin is starting to provide rules that analyse non-Java files. This version provides 4 new rules to check the quality of the Maven pom.xml file, and sooner or later other rules will follow to analyse ejb.xml, web.xml, *.properties, *.jsp and *.jsf files:
- Dependencies should not have “system” scope (lock-in, maven)
- Artifact ids should follow a naming convention (convention, maven)
- Group ids should follow a naming convention (convention, maven)
- pom elements should be in the recommended order (convention, maven)
Please read the release notes for more information. You can install or update it via the Update Center.
Documentation is available on the product page.