SonarSource is pleased to announce the release of the Java plugin version 3.11.
For a few months now, with the help of the symbolic execution engine, the Java plugin has been able to find and report some tricky bugs, for instance null pointer dereferences or incorrect complex/nested conditions. When such bugs are reported through the SonarQube UI, it's not always easy for end users to quickly understand why there is an issue. With version 3.11, in the case of a null pointer dereference, the latest statement or declaration that led the symbolic execution engine to consider the object nullable is highlighted.
Moreover, as the value of a rule engine is inversely proportional to the percentage of false positives, the following rules have been tuned to remove some reported false positives:
- Redundant casts should not be used
- Assignments should not be made from within sub-expressions
- Inner classes which do not reference their owning classes should be “static”
- Fields in a “Serializable” class should either be transient or serializable
- Classes should not be compared by name
- Constructors should only call non-overridable methods
- String literals should not be duplicated
- Try-with-resources should be used
- Local variables should not shadow class fields
Please read the release notes for more information. You can install or update it via the Update Center.
Documentation is available on the product page.