SonarQube Java 3.10 has been released. This is the plugin Sonar uses to analyze the code of Java projects. This release improves the Symbolic Execution engine
and includes 17 new rules:
“action” mappings should not have too many “forward” entries (brain-overload, struts)
“catch” clauses should do more than rethrow (clumsy, unused)
“InterruptedException” should not be ignored (bug, cwe, multi-threading)
“private” methods called only by inner classes should be moved to those classes (confusing)
“SingleConnectionFactory” instances should be set to “reconnectOnException” (bug, spring)
Default EJB interceptors should be declared in “ejb-jar.xml” (bug)
Deprecated “${pom}” properties should not be used (maven, obsolete)
EJB interceptor exclusions should be declared as annotations (pitfall)
Functions should not be defined with a variable number of arguments (cert, misra, pitfall)
Security constraints should be defined (cwe, jee, owasp-a7, security, websphere)
Struts validation forms should have unique names (bug, cwe, struts)
Web applications should use validation filters (injection, owasp-a1, security)
For full details, see the release notes.