Releases: pmd/pmd
PMD 6.40.0 (30-October-2021)
30-October-2021 - 6.40.0
The PMD team is pleased to announce PMD 6.40.0.
This is a minor release.
Table Of Contents
New and noteworthy
Updated Apex Support
- The Apex language support has been bumped to version 54.0 (Spring '22).
New rules
- The new Apex rule
EagerlyLoadedDescribeSObjectResultfinds
DescribeSObjectResults which could have been loaded eagerly viaSObjectType.getDescribe().
<rule ref="category/apex/performance.xml/EagerlyLoadedDescribeSObjectResult" />Modified rules
-
The Apex rule
ApexUnitTestClassShouldHaveAssertshas a new property
additionalAssertMethodPattern. When specified the pattern is evaluated against each invoked
method name to determine whether it represents a test assertion in addition to the standard names. -
The Apex rule
ApexDochas a new propertyreportMissingDescription.
If set tofalse(default istrueif unspecified) doesn't report an issue if the@description
tag is missing. This is consistent with the ApexDoc dialect supported by derivatives such as
SfApexDoc and also with analogous documentation tools for
other languages, e.g., JavaDoc, ESDoc/JSDoc, etc. -
The Apex rule
ApexCRUDViolationhas a couple of new properties:
These allow specification of regular-expression-based patterns for additional methods that should
be considered valid for pre-CRUD authorization beyond those offered by the system Apex checks and
ESAPI, e.g.,sirono-common'sAuthorizationUtilclass.
Two new properties have been added per-CRUD operation, one to specify the naming pattern for a method
that authorizes that operation and another to specify the argument passed to that method that contains
theSObjectTypeinstance of the type being authorized. Here is an example of these new properties:<rule ref="category/apex/security.xml/ApexCRUDViolation" message="..."> <priority>3</priority> <properties> <property name="createAuthMethodPattern" value="AuthorizationUtil\.(is|assert)(Createable|Upsertable)"/> <!-- There's one of these properties for each operation, and the default value is 0 so this is technically superfluous, but it's included it here for example purposes. --> <property name="createAuthMethodTypeParamIndex" value="0"/> <property name="readAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Accessible"/> <property name="updateAuthMethodPattern" value="AuthorizationUtil\.(is|assert)(Updateable|Upsertable)"/> <property name="deleteAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Deletable"/> <property name="undeleteAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Undeletable"/> <property name="mergeAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Mergeable"/> </properties> </rule>
-
The Apex rule
EmptyStatementBlockhas two new properties:Setting
reportEmptyPrivateNoArgConstructortofalseignores empty private no-arg constructors
that are commonly used in singleton pattern implementations and utility classes in support of
prescribed best practices.Setting
reportEmptyVirtualMethodtofalseignores empty virtual methods that are commonly used in
abstract base classes as default no-op implementations when derived classes typically only override a
subset of virtual methods.By default, both properties are
trueto not change the default behaviour of this rule. -
The Apex rule
EmptyCatchBlockhas two new properties modeled after the analgous Java rule:The
allowCommentedBlocksproperty, when set totrue(defaults tofalse), ignores empty blocks containing comments, e.g.:try { doSomethingThatThrowsAnExpectedException(); System.assert(false, 'Expected to catch an exception.'); } catch (Exception e) { // Expected }
The
allowExceptionNameRegexproperty is a regular expression for exception variable names for which empty catch blocks should be ignored by this rule. For example, using the default property value of^(ignored|expected)$, the following empty catch blocks will not be reported:try { doSomethingThatThrowsAnExpectedException(); System.assert(false, 'Expected to catch an exception.'); } catch (IllegalStateException ignored) { } catch (NumberFormatException expected) { }
-
The Apex rule
OneDeclarationPerLinehas a new propertyreportInForLoopInitializer:
If set tofalse(default istrueif unspecified) doesn't report an issue for multiple declarations in
aforloop's initializer section. This is support the common idiom of one declaration for the loop variable
and another for the loop bounds condition, e.g.,for (Integer i = 0, numIterations = computeNumIterations(); i < numIterations; i++) { }
-
The Java rule
ClassNamingConventionsuses a different default value of the
propertyutilityClassPattern: This rule was detecting utility classes by default since PMD 6.3.0
and enforcing the naming convention that utility classes has to be suffixed with Util or Helper or Constants.
However this turned out to be not so useful as a default configuration, as there is no standard
naming convention for utility classes.With PMD 6.40.0, the default value of this property has been changed to
[A-Z][a-zA-Z0-9]*
(Pascal case), effectively disabling the special handling of utility classes. This is the same default
pattern used for concrete classes.This means, that the feature to enforce a naming convention for utility classes is now a opt-in
feature and can be enabled on demand.To use the old behaviour, the property needs to be configured as follows:
<rule ref="category/java/codestyle.xml/ClassNamingConventions"> <properties> <property name="utilityClassPattern" value="[A-Z][a-zA-Z0-9]+(Utils?|Helper|Constants)" /> </properties> </rule>
Fixed Issues
- apex
- #1089: [apex] ApexUnitTestClassShouldHaveAsserts: Test asserts in other methods not detected
- #1090: [apex] ApexCRUDViolation: checks not detected if done in another method
- #3532: [apex] Promote usage of consistent getDescribe() info
- #3566: [apex] ApexDoc rule should not require "@description"
- #3568: [apex] EmptyStatementBlock: should provide options to ignore empty private constructors and empty virtual methods
- #3569: [apex] EmptyCatchBlock: should provide an option to ignore empty catch blocks in test methods
- #3570: [apex] OneDeclarationPerLine: should provide an option to ignore multiple declarations in a for loop initializer
- #3576: [apex] ApexCRUDViolation should provide an option to specify additional patterns for methods that encapsulate authorization checks
- #3579: [apex] ApexCRUDViolation: false negative with undelete
- java-bestpractices
- #3542: [java] MissingOverride: False negative for enum method
- java-codestyle
- java-errorprone
- #3560: [java] InvalidLogMessageFormat: False positive with message and exception in a block inside a lambda
- java-performance
- #2364: [java] AddEmptyString false positive in annotation value
- java-security
- #3368: [java] HardcodedCryptoKey false negative with variable assignments
API Changes
Experimental APIs
- The interface
ASTCommentContainer</a...
Contributors
Assets 5
PMD 6.39.0 (25-September-2021)
25-September-2021 - 6.39.0
The PMD team is pleased to announce PMD 6.39.0.
This is a minor release.
Table Of Contents
New and noteworthy
All Contributors
PMD follows the All Contributors specification.
Contributions of any kind welcome!
See credits for our complete contributors list.
Fixed Issues
- core
- #3499: [core] Fix XPath rulechain with combined node tests
- java-errorprone
- #3493: [java] AvoidAccessibilityAlteration: add tests and fix rule
- javascript
- #3516: [javascript] NPE while creating rule violation when specifying explicit line numbers
- plsql
API Changes
No changes.
External Contributions
- #3516: [javascript] NPE while creating rule violation when specifying explicit line numbers - Kevin Guerra
Stats
- 37 commits
- 10 closed tickets & PRs
- Days since last release: 27
PMD 6.38.0 (28-August-2021)
28-August-2021 - 6.38.0
The PMD team is pleased to announce PMD 6.38.0.
This is a minor release.
Table Of Contents
Fixed Issues
- apex
- core
- #3446: [core] Allow XPath rules to access the current file name
- java-bestpractices
- #3403: [java] MethodNamingConventions junit5TestPattern does not detect parameterized tests
External Contributions
- #3445: [java] Fix #3403 about MethodNamingConventions and JUnit5 parameterized tests - Cyril Sicard
- #3470: [apex] Fix ApexCRUDViolationRule - add super call - Josh Feingold
Stats
- 32 commits
- 8 closed tickets & PRs
- Days since last release: 27
PMD 6.37.0 (31-July-2021)
31-July-2021 - 6.37.0
The PMD team is pleased to announce PMD 6.37.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 17 Support
This release of PMD brings support for Java 17. PMD supports JEP 409: Sealed Classes
which has been promoted to be a standard language feature of Java 17.
PMD also supports JEP 406: Pattern Matching for switch (Preview) as a preview
language feature. In order to analyze a project with PMD that uses these language features, you'll need to enable
it via the environment variable PMD_JAVA_OPTS and select the new language version 17-preview:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 17-preview ...
Note: Support for Java 15 preview language features have been removed. The version "15-preview" is no longer available.
Updated PMD Designer
This PMD release ships a new version of the pmd-designer.
For the changes, see PMD Designer Changelog.
New rules
This release ships with 3 new Java rules.
PrimitiveWrapperInstantiationreports usages of primitive wrapper
constructors. They are deprecated since Java 9 and should not be used.
<rule ref="category/java/bestpractices.xml/PrimitiveWrapperInstantiation" />The rule is part of the quickstart.xml ruleset.
SimplifiableTestAssertionsuggests rewriting
some test assertions to be more readable.
<rule ref="category/java/bestpractices.xml/SimplifiableTestAssertion" />The rule is part of the quickstart.xml ruleset.
ReturnEmptyCollectionRatherThanNullsuggests returning empty collections / arrays
instead of null.
<rule ref="category/java/errorprone.xml/ReturnEmptyCollectionRatherThanNull" />The rule is part of the quickstart.xml ruleset.
Renamed rules
- The Java rule
MissingBreakInSwitchhas been renamed to
ImplicitSwitchFallThrough(category error prone) to better reflect the rule's
purpose: The rule finds implicit fall-through cases in switch statements, which are most
likely unexpected. The old rule name described only one way how to avoid a fall-through,
namely usingbreakbutcontinue,throwandreturnavoid a fall-through
as well. This enables us to improve this rule in the future.
Deprecated rules
-
The following Java rules are deprecated and removed from the quickstart ruleset,
as the new ruleSimplifiableTestAssertionmerges
their functionality: -
The Java rule
ReturnEmptyArrayRatherThanNullis deprecated and removed from
the quickstart ruleset, as the new ruleReturnEmptyCollectionRatherThanNull
supersedes it. -
The following Java rules are deprecated and removed from the quickstart ruleset,
as the new rulePrimitiveWrapperInstantiationmerges
their functionality: -
The Java rule
UnnecessaryWrapperObjectCreationis deprecated
with no planned replacement before PMD 7. In it's current state, the rule is not useful
as it finds only contrived cases of creating a primitive wrapper and unboxing it explicitly
in the same expression. In PMD 7 this and more cases will be covered by a
new ruleUnnecessaryBoxing.
Fixed Issues
- apex
- core
- java-bestpractices
- java-errorprone
- java-performance
- #3420: [java] NPE in
InefficientStringBufferingwith Records
- #3420: [java] NPE in
API Changes
PMD CLI
-
PMD has a new CLI option
-force-language. With that a language can be forced to be used for all input files,
irrespective of filenames. When using this option, the automatic language selection by extension is disabled
and all files are tried to be parsed with the given language. Parsing errors are ignored and unparsable files
are skipped.This option allows to use the xml language for files, that don't use xml as extension.
See also the examples on PMD CLI reference.
Experimental APIs
- The AST types and APIs around Sealed Classes are not experimental anymore:
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi annotation. You'll also get a deprecation warning.
- The inner class
net.sourceforge.pmd.cpd.TokenEntry.Stateis considered to be internal API.
It will probably be moved away with PMD 7.
External Contributions
- #3367: [apex] Check SOQL CRUD on for loops - Jonathan Wiesel
- #3373: [apex]...
PMD 6.36.0 (26-June-2021)
26-June-2021 - 6.36.0
The PMD team is pleased to announce PMD 6.36.0.
This is a minor release.
Table Of Contents
New and noteworthy
Improved Incremental Analysis
Incremental Analysis has long helped
our users obtain faster analysis results, however, its implementation tended to be too cautious in detecting
changes to the runtime and type resolution classpaths, producing more cache invalidations than necessary.
We have now improved the heuristics to remove several bogus invalidations, and slightly sped up the cache
usage along the way.
PMD will now ignore:
- Non class files in classpath and jar / zip files being referenced.
- Changes to the order of file entries within a jar / zip
- Changes to file metadata within jar / zip (ie: creation and modification time,
significant in multi-module / composite build projects where lateral artifacts are frequently recreated)
New rules
- The new Apex rule
AvoidDebugStatementsfinds usages ofSystem.debugcalls.
Debug statements contribute to longer transactions and consume Apex CPU time even when debug logs are not
being captured.
You can try out this rule like so:
<rule ref="category/apex/performance.xml/AvoidDebugStatements" />- The new Apex rule
InaccessibleAuraEnabledGetterchecks that anAuraEnabled
getter is public or global. This is necessary if it is referenced in Lightning components.
You can try out this rule like so:
<rule ref="category/apex/errorprone.xml/InaccessibleAuraEnabledGetter" />Renamed rules
- The Java rule
BadComparisonhas been renamed to
ComparisonWithNaNto better reflect what the rule actually detects.
It now considers usages ofDouble.NaNorFloat.NaNin more cases and fixes false negatives.
Fixed Issues
- apex
- core
- java-bestpractices
- #957: [java] GuardLogStatement: False positive with compile-time constant arguments
- #3076: [java] UnusedAssignment reports unused variable when used in increment expr
- #3114: [java] UnusedAssignment false positive when reporting unused variables
- #3315: [java] LiteralsFirstInComparisons false positive with two constants
- #3341: [java] JUnitTestsShouldIncludeAssert should support Junit 5
- #3340: [java] NullPointerException applying rule GuardLogStatement
- java-codestyle
- #3317: [java] Update UnnecessaryImport to recognize usage of imported types in javadoc's
@exceptiontag
- #3317: [java] Update UnnecessaryImport to recognize usage of imported types in javadoc's
- java-errorprone
- #2895: [java] Improve BadComparison and rename to ComparisonWithNaN
- #3284: [java] InvalidLogMessageFormat may examine the value of a different but identically named String variable
- #3304: [java] NPE in MoreThanOneLoggerRule on a java 16 record
- #3305: [java] ConstructorCallsOverridableMethodRule IndexOutOfBoundsException on a java16 record
- #3343: [java] CloneMethodMustImplementCloneable: FN with local classes
- java-performance
API Changes
No changes.
External Contributions
- #3276: [apex] Update ApexCRUDViolation and OperationWithLimitsInLoop docs - Jonathan Wiesel
- #3306: [java] More than one logger rule test null pointer exception - Arnaud Jeansen
- #3317: [java] Update UnnecessaryImport to recognize usage of imported types in javadoc's
@exceptiontag - Piotrek Żygieło - #3319: [apex] New AvoidDebugStatements rule to mitigate performance impact - Jonathan Wiesel
- #3320: [java] Fix incorrect increment for "else if" branch in Cognitive Complexity docs - Denis Borovikov
- #3322: [apex] added rule to detect inaccessible AuraEnabled getters - Philippe Ozil
- #3323: [core] Adds fullDescription and tags in SARIF report - Clint Chester
- #3339: [java] JUnitTestsShouldIncludeAssert Tweak assertion definition to avoid false positive with modern JUnit5 - Arnaud Jeansen
Stats
- 81 commits
- 36 closed tickets & PRs
- Days since last release: 28
PMD 6.35.0 (29-May-2021)
29-May-2021 - 6.35.0
The PMD team is pleased to announce PMD 6.35.0.
This is a minor release.
Table Of Contents
New and noteworthy
Javascript module now requires at least Java 8
The latest version of Rhino, the implementation of JavaScript we use
for parsing JavaScript code, requires at least Java 8. Therefore we decided to upgrade the pmd-javascript
module to Java 8 as well. This means that from now on, a Java 8 or later runtime is required in order
to analyze JavaScript code. Note that PMD core still only requires Java 7.
New rules
This release ships with 3 new Java rules.
JUnit5TestShouldBePackagePrivate
enforces the convention that JUnit 5 tests should have minimal visibility.
You can try out this rule like so:
<rule ref="category/java/bestpractices.xml/JUnit5TestShouldBePackagePrivate" />CognitiveComplexityuses the cognitive complexity
metric to find overly complex code. This metric improves on the similar cyclomatic complexity
in several ways, for instance, it incentivizes using clearly readable shorthands and idioms.
See the rule documentation for more details. You can try out this rule like so:
<rule ref="category/java/design.xml/CognitiveComplexity" />MutableStaticStatefinds non-private static fields
that are not final. These fields break encapsulation since these fields can be modified from anywhere
within the program. You can try out this rule like so:
<rule ref="category/java/design.xml/MutableStaticState" />Modified rules
- The Java rule
CompareObjectsWithEqualshas now a new property
typesThatCompareByReference. With that property, you can configure types, that should be whitelisted
for comparison by reference. By default,java.lang.Enumandjava.lang.Classare allowed, but
you could add custom types here.
Additionally comparisons against constants are allowed now. This makes the rule less noisy when two constants
are compared. Constants are identified by looking for an all-caps identifier.
Deprecated rules
-
The java rule
DefaultPackagehas been deprecated in favor of
CommentDefaultAccessModifier.The rule "DefaultPackage" assumes that any usage of package-access is accidental,
and by doing so, prohibits using a really fundamental and useful feature of the language.To satisfy the rule, you have to make the member public even if it doesn't need to, or make it protected,
which muddies your intent even more if you don't intend the class to be extended, and may be at odds with
other rules likeAvoidProtectedFieldInFinalClass.The rule
CommentDefaultAccessModifiershould be used instead.
It flags the same thing, but has an escape hatch. -
The Java rule
CloneThrowsCloneNotSupportedExceptionhas been deprecated without
replacement.The rule has no real value as
CloneNotSupportedExceptionis a
checked exception and therefore you need to deal with it while implementing theclone()method. You either
need to declare the exception or catch it. If you catch it, then subclasses can't throw it themselves explicitly.
However,Object.clone()will still throw this exception if theCloneableinterface is not implemented.Note, this rule has also been removed from the Quickstart Ruleset (
rulesets/java/quickstart.xml).
Fixed Issues
- apex
- core
- doc
- #3230: [doc] Remove "Edit me" button for language index pages
- dist
- #2466: [dist] Distribution archive doesn't include all batch scripts
- java
- #3269: [java] Fix NPE in MethodTypeResolution
- java-bestpractices
- #1175: [java] UnusedPrivateMethod FP with Junit 5 @MethodSource
- #2219: [java] Document Reasons to Avoid Reassigning Parameters
- #2737: [java] Fix misleading rule message on rule SwitchStmtsShouldHaveDefault with non-exhaustive enum switch
- #3236: [java] LiteralsFirstInComparisons should consider constant fields (cont'd)
- #3239: [java] PMD could enforce non-public methods for Junit5 / Jupiter test methods
- #3254: [java] AvoidReassigningParameters reports violations on wrong line numbers
- java-codestyle
- #2655: [java] UnnecessaryImport false positive for on-demand imports
- #3206: [java] Deprecate rule DefaultPackage
- #3262: [java] FieldDeclarationsShouldBeAtStartOfClass: false negative with anon classes
- #3265: [java] MethodArgumentCouldBeFinal: false negatives with interfaces and inner classes
- #3266: [java] LocalVariableCouldBeFinal: false negatives with interfaces, anon classes
- #3274: [java] OnlyOneReturn: false negative with anonymous class
- #3275: [java] UnnecessaryLocalBeforeReturn: false negatives with lambda and anon class
- java-design
- java-errorprone
- #3110: [java] Enhance CompareObjectsWithEquals with list of exceptions
- #3112: [java] Deprecate rule CloneThrowsCloneNotSupportedException
- #3205: [java] Make CompareObjectWithEquals allow comparing against constants
- #3248: [java] Documentation is wrong for SingletonClassReturningNewInstance rule
- #3249: [java] AvoidFieldNameMatchingTypeName: False negative with interfaces
- #3268: [java] ConstructorCallsOverridableMethod: IndexOutOfBoundsException with annotations
- java-performance
- #1438: [java] InsufficientStringBufferDeclaration false positive for initial calculated StringBuilder size
- javascript
API Changes
Deprecated API
PMD#doPMDis deprecated.
UsePMD#runPMDinstead.PMD#runis deprecated.
UsePMD#runPMDinstead.ThreadSafeReportListenerand the methods to use them in <a href="https://docs.pmd-code.org/...
PMD 6.34.0 (24-April-2021)
24-April-2021 - 6.34.0
The PMD team is pleased to announce PMD 6.34.0.
This is a minor release.
Table Of Contents
New and noteworthy
New rules
-
The new Java rule
UseStandardCharsetsfinds usages ofCharset.forName,
whereStandardCharsetscan be used instead.This rule is also part of the Quickstart Ruleset (
rulesets/java/quickstart.xml) for Java. -
The new Java rule
UnnecessaryImportreplaces the rules
UnusedImports,DuplicateImports,
ImportFromSamePackage, andDontImportJavaLang.This rule is also part of the Quickstart Ruleset (
rulesets/java/quickstart.xml) for Java.
Modified rules
- The Apex rule
ApexCRUDViolationdoes not ignore getters anymore and also flags
SOQL/SOSL/DML operations without access permission checks in getters. This will produce false positives now for
VF getter methods, but we can't reliably detect, whether a getter is a VF getter or not. In such cases,
the violation should be suppressed.
Deprecated rules
-
java-bestpractices
UnusedImports: use the ruleUnnecessaryImportinstead
-
java-codestyle
DuplicateImports: use the ruleUnnecessaryImportinsteadDontImportJavaLang: use the ruleUnnecessaryImportinstead
-
java-errorprone
ImportFromSamePackage: use the ruleUnnecessaryImportinstead
Fixed Issues
- apex-performance
- #3198: [apex] OperationWithLimitsInLoopRule: Support more limit consuming static method invocations
- apex-security
- java-bestpractices
- java-codestyle
- #3128: [java] New rule UnnecessaryImport, deprecate DuplicateImports, ImportFromSamePackage, UnusedImports
- java-errorprone
API Changes
No changes.
External Contributions
- #3193: [java] New rule: UseStandardCharsets - Andrea Aime
- #3198: [apex] OperationWithLimitsInLoopRule: Support more limit consuming static method invocations - Jonathan Wiesel
- #3211: [apex] ApexCRUDViolationRule: Do not assume method is VF getter to avoid CRUD checks - Jonathan Wiesel
- #3234: [apex] ApexCRUDViolation: COUNT is indeed CRUD checkable since it exposes data (false-negative) - Jonathan Wiesel
Stats
- 74 commits
- 18 closed tickets & PRs
- Days since last release: 27
PMD 6.33.0 (27-March-2021)
27-March-2021 - 6.33.0
The PMD team is pleased to announce PMD 6.33.0.
This is a minor release.
Table Of Contents
New and noteworthy
PLSQL parsing exclusions
The PMD PLSQL parser might not parse every valid PL/SQL code without problems.
In order to still use PMD on such files, you can now mark certain lines for exclusion from
the parser. More information can be found in the language specific documentation for PLSQL.
Fixed Issues
- apex-design
- #3142: [apex] ExcessiveClassLength multiple warning on the same class
- java
- java-bestpractices
- #3118: [java] UnusedPrivateMethod false positive when passing in lombok.val as argument
- #3144: [java] GuardLogStatement can have more detailed example
- #3155: [java] GuardLogStatement: False negative with unguarded method call
- #3160: [java] MethodReturnsInternalArray does not consider static final fields and fields initialized with empty array
- java-errorprone
- #2977: [java] CloseResource: false positive with reassignment detection
- #3146: [java] InvalidLogMessageFormat detection failing when String.format used
- #3148: [java] CloseResource false positive with Objects.nonNull
- #3165: [java] InvalidLogMessageFormat detection failing when String.format used in a variable
- java-performance
- plsql
- #195: [plsql] Ampersand '&' causes PMD processing error in sql file - Lexical error in file
External Contributions
- #3161: [plsql] Add support for lexical parameters in SQL*Plus scripts, allow excluding lines which the parser does not understand - Henning von Bargen
- #3167: [java] Minor typo in quickstart ruleset - Austin Tice
Stats
- 49 commits
- 27 closed tickets & PRs
- Days since last release: 28
PMD 6.32.0 (27-February-2021)
27-February-2021 - 6.32.0
The PMD team is pleased to announce PMD 6.32.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 16 Support
This release of PMD brings support for Java 16. PMD supports JEP 394: Pattern Matching for instanceof and JEP 395: Records. Both have been promoted
to be a standard language feature of Java 16.
PMD also supports JEP 397: Sealed Classes (Second Preview) as a preview
language feature. In order to analyze a project with PMD that uses these language features, you'll need to enable
it via the environment variable PMD_JAVA_OPTS and select the new language version 16-preview:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 16-preview ...
Note: Support for Java 14 preview language features have been removed. The version "14-preview" is no longer available.
Modified Rules
- The Apex rule
ApexDochas two new properties:reportPrivateand
reportProtected. Previously the rule only considered public and global classes, methods, and
properties. With these properties, you can verify the existence of ApexDoc comments for private
and protected methods as well. By default, these properties are disabled to preserve backwards
compatible behavior.
Fixed Issues
- apex-documentation
- #3075: [apex] ApexDoc should support private access modifier
- java
- #3101: [java] NullPointerException when running PMD under JRE 11
- java-bestpractices
- #3132: [java] UnusedImports with static imports on subclasses
- java-errorprone
- plsql
- #3106: [plsql] ParseException while parsing EXECUTE IMMEDIATE 'drop database link ' || linkname;
API Changes
Experimental APIs
- The experimental class
ASTTypeTestPatternhas been renamed toASTTypePattern
in order to align the naming to the JLS. - The experimental class
ASTRecordConstructorDeclarationhas been renamed toASTCompactConstructorDeclaration
in order to align the naming to the JLS. - The AST types and APIs around Pattern Matching and Records are not experimental anymore:
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi annotation. You'll also get a deprecation warning.
- The protected or public member of the Java rule
AvoidUsingHardCodedIPRule
are deprecated and considered to be internal API. They will be removed with PMD 7.
External Contributions
- #3098: [apex] ApexDoc optionally report private and protected - Jonathan Wiesel
- #3107: [plsql] Fix ParseException for EXECUTE IMMEDIATE str1||str2; - hvbtup
- #3125: [doc] Fix sample code indentation in documentation - Artur Dryomov
Stats
- 43 commits
- 21 closed tickets & PRs
- Days since last release: 27
PMD 6.31.0 (30-January-2021)
30-January-2021 - 6.31.0
The PMD team is pleased to announce PMD 6.31.0.
This is a minor release.
Table Of Contents
New and noteworthy
SARIF Format
PMD now supports the Static Analysis Results Interchange Format (SARIF)
as an additional report format. Just use the command line parameter -format sarif to select it.
SARIF is an OASIS standard format for static analysis tools.
PMD creates SARIF JSON files in SARIF version 2.1.0.
An example report can be found in the documentation in Report formats for PMD.
CPD
- The C++ module now supports the new option
--ignore-literal-sequences,
which can be used to avoid detection of some uninteresting clones. This options has been
introduced with PMD 6.30.0 for C# and is now available for C++ as well. See #2963.
New Rules
-
The new Apex rule
OverrideBothEqualsAndHashcodebrings the well known Java rule
to Apex. In Apex the same principle applies:equalsandhashCodeshould always be overridden
together to ensure collection classes such as Maps and Sets work as expected. -
The new Visualforce rule
VfHtmlStyleTagXsschecks for potential XSS problems
when using<style>tags on Visualforce pages.
Deprecated rules
- java-performance
AvoidUsingShortType: arithmetic on shorts is not significantly
slower than on ints, whereas using shorts may provide significant memory savings in arrays.SimplifyStartsWith: the suggested code transformation has an
insignificant performance impact, and decreases readability.
Fixed Issues
- core
- java-bestpractices
- #575: [java] LiteralsFirstInComparisons should consider constant fields
- #2454: [java] UnusedPrivateMethod violation for disabled class in 6.23.0
- #2833: [java] NPE in UseCollectionIsEmptyRule with enums
- #2876: [java] UnusedPrivateField cannot override ignored annotations property
- #2957: [java] Ignore unused declarations that have special name
- java-codestyle
- #2960: [java] Thread issue in MethodNamingConventionsRule
- java-design
- #3006: [java] NPE in SingularFieldRule with concise resource syntax
- java-errorprone
- #2976: [java] CompareObjectsWithEquals: FP with array.length
- #2977: [java] 6.30.0 introduces new false positive in CloseResource rule?
- #2979: [java] UseEqualsToCompareStrings: FP with "var" variables
- #3004: [java] UseEqualsToCompareStrings false positive with PMD 6.30.0
- #3062: [java] CloseResource FP with reassigned stream
- java-performance
- vf-security
- #3081: [vf] VfUnescapeEl: Inherently un-XSS-able built-in functions trigger false positives
API Changes
Deprecated API
AbstractDomXmlRuleAbstractWsdlRule- A few methods of
AbstractXmlRule
Experimental APIs
- The method
GenericToken#getKindhas been added as experimental. This
unifies the token interface for both JavaCC and Antlr. The already existing method
AntlrToken#getKindis therefore experimental as well. The
returned constant depends on the actual language and might change whenever the grammar
of the language is changed.
External Contributions
- #2666: [swift] Manage swift5 string literals - kenji21
- #2959: [apex] New Rule: override equals and hashcode rule - recdevs
- #2963: [cpp] Add option to ignore sequences of literals - Maikel Steneker
- #2964: [cs] Update C# grammar for additional C# 7 and C# 8 features - Maikel Steneker
- #2965: [cs] Improvements for ignore sequences of literals functionality - Maikel Steneker
- #2968: [java] NPE in UseCollectionIsEmptyRule with enums - foxmason
- #2983: [java] LiteralsFirstInComparisons should consider constant fields - Ozan Gulle
- #2994: [core] Fix code climate severity strings - Vincent Maurin
- #3005: [vf] [New Rule] Handle XSS violations that can occur within Html Style tags - rmohan20
- #3073: [core] Include SARIF renderer - Manuel Moya Ferrer
- #3084: [vf] VfUnescapeEl false-positive with builtin functions - Josh Feingold
Stats
- 116 commits
- 40 closed tickets & PRs
- Days since last release: 49