SonarQube Java 3.10 has been released. This is the plugin Sonar uses to analyze the code of Java projects. This release improves the Symbolic Execution engine and includes 17 new rules:

- “action” mappings should not have too many “forward” entries (brain-overload, struts)
- “catch” clauses should do more than rethrow (clumsy, unused)
- “InterruptedException” should not be ignored (bug, cwe, multi-threading)
- “private” methods called only by inner classes should be moved to those classes (confusing)
- “SingleConnectionFactory” instances should be set to “reconnectOnException” (bug, spring)
- Default EJB interceptors should be declared in “ejb-jar.xml” (bug)
- Deprecated “${pom}” properties should not be used (maven, obsolete)
- Disallowed dependencies should not be used (maven)
- EJB interceptor exclusions should be declared as annotations (pitfall)
- Functions should not be defined with a variable number of arguments (cert, misra, pitfall)
- Inappropriate regular expressions should not be used (bug)
- Method overrides should not change contracts (suspicious)
- Methods should not return constants (confusing)
- Security constraints should be defined (cwe, jee, owasp-a7, security, websphere)
- Struts validation forms should have unique names (bug, cwe, struts)
- Try-with-resources should be used (pitfall)
- Web applications should use validation filters (injection, owasp-a1, security)

See the release notes for the full details.