SonarLint for Eclipse 3.6 发布，可激活或停用任意规则

栏目: 软件资讯 · 发布时间: 6年前

内容简介：SonarLint for Eclipse 3.6 已发布，该版本在规则的管理上更进一步，现在可以在 Eclipse 首选项中找到已打开或关闭的规则，阅读其描述并选择激活或停用。该版本还包含最新版本的 SonarJava analyzer ，支持使用 ...

SonarLint for Eclipse 3.6 已发布，该版本在规则的管理上更进一步，现在可以在 Eclipse 首选项中找到已打开或关闭的规则，阅读其描述并选择激活或停用。

SonarLint for Eclipse 3.6 发布，可激活或停用任意规则

该版本还包含最新版本的 SonarJava analyzer ，支持使用 Java 10 构建的项目。

此外，还包含 29 条新规则：

S2761 - Unary prefix operators should not be repeated (Bug)
S4351 - "compareTo" should not be overloaded (Bug, pitfall)
S3366 - "this" should not be exposed from constructors (Code Smell, multi-threading, cwe, suspicious)
S4449 - Nullness of parameters should be guaranteed (Code Smell)
S4454 - "equals" method parameters should not be marked "@Nonnull" (Code Smell)
S126 - "if ... else if" constructs should end with "else" clauses (Code Smell, misra, cert)
S1821 - "switch" statements should not be nested (Code Smell, pitfall)
S4423 - Weak SSLContexts should not be used (Vulnerability, owasp-a6, cwe, sans-top25-porous)
S3510 - HostnameVerifier.verify" should not always return true (Vulnerability, owasp-a6, cwe)
S4201 - Null check should not be used with instanceof (Code Smell)
S4248 - Regex patterns should not be created needlessly (Code Smell, performance)
S4274 - Asserts should not be used to check the parameters of a public method (Code Smell, pitfall)
S4276 - Functional Interfaces should be as specialised as possible (Code Smell, performance)
S2234 - Parameters should be passed in the correct order (Code Smell)
S4524 - "default" clauses should be last (Code Smell, misra)
S3626 - Jump statements should not be redundant (Code Smell, clumsy)
S4425 - "Integer.toHexString" should not be used to build hexadecimal strings (Code Smell, cwe)
S3973 - Conditionally executed code should be denoted by either indentation or curly braces (Code Smell, suspicious)
S4424 - TrustManagers should not blindly accept any certificates (Vulnerability, owasp-a6, cwe, cert)
S2255 - Cookies should not be used to store sensitive information (Vulnerability, owasp-a3, cwe, cert)
S2755 - Untrusted XML should be parsed with a local, static DTD (Vulnerability, owasp-a1, owasp-a4, cwe)
S3329 - Cypher Block Chaining IV's should be random and unique (Vulnerability, owasp-a6, cwe)
S3330 - "HttpOnly" should be set on cookies (Vulnerability, owasp-a7, cwe, sans-top25-insecure)
S4426 - Cryptographic keys should not be too short (Vulnerability, owasp-a3, cwe)
S4432 - AES encryption algorithm should be used with secured mode (Vulnerability, owasp-a6, cwe, cert, sans-top25-porous)
S4433 - LDAP connections should be authenticated (Vulnerability, owasp-a2, cwe)
S4434 - LDAP deserialization should be disabled (Vulnerability, owasp-a8, cwe, cert)
S4435 - XML transformers should be secured (Vulnerability, owasp-a4, cwe)
S4499 - SMTP SSL connection should check server identity (Vulnerability, owasp-a3, cwe)