SonarQube Java 3.10 has been released. This is the plugin Sonar uses to analyze Java project code. This version improves the Symbolic Execution engine
and includes 17 new rules:
- “action” mappings should not have too many “forward” entries (brain-overload, struts)
- “catch” clauses should do more than rethrow (clumsy, unused)
- “InterruptedException” should not be ignored (bug, cwe, multi-threading)
- “private” methods called only by inner classes should be moved to those classes (confusing)
- “SingleConnectionFactory” instances should be set to “reconnectOnException” (bug, spring)
- Default EJB interceptors should be declared in “ejb-jar.xml” (bug)
- Deprecated “${pom}” properties should not be used (maven, obsolete)
- Disallowed dependencies should not be used (maven)
- EJB interceptor exclusions should be declared as annotations (pitfall)
- Functions should not be defined with a variable number of arguments (cert, misra, pitfall)
- Inappropriate regular expressions should not be used (bug)
- Method overrides should not change contracts (suspicious)
- Methods should not return constants (confusing)
- Security constraints should be defined (cwe, jee, owasp-a7, security, websphere)
- Struts validation forms should have unique names (bug, cwe, struts)
- Try-with-resources should be used (pitfall)
- Web applications should use validation filters (injection, owasp-a1, security)
See the release notes for full details.