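Sonar Java 5.9 has been released. Sonar (SonarQube) is an open-source platform for managing source code quality. Sonar is not just a tool for reporting quality data; it is a code quality management platform. Supported languages include Java, PHP, C#, C, Cobol, PL/SQL, Flex and others. SonarQube Java is a Sonar plugin used to analyze Java code.
This release adds 29 new rules: 12 Security Hotspot rules, 7 bug detection rules and 10 Code Smell rules.
Security Hotspots deserve a mention: they are a special type of issue that identifies security-sensitive areas of code and helps security analysts determine whether the code is vulnerable. The newly added Security Hotspot rules cover some of the most common security-sensitive code patterns, such as executing regular expressions, encrypting data, or controlling access permissions. There are also rules covering several frameworks and libraries, such as Guava, Apache Commons and Spring. Each rule explains the danger that may be lurking, to help determine whether the code is vulnerable, and offers recommendations.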
S4817 - Executing XPath expressions is security-sensitive (Security Hotspot)
S4784 - Using regular expressions is security-sensitive (Security Hotspot)
S4790 - Hashing data is security-sensitive (Security Hotspot)
S4787 - Encrypting data is security-sensitive (Security Hotspot)
S1523 - Dynamically executing code is security-sensitive (Security Hotspot)
S4825 - Sending HTTP requests is security-sensitive (Security Hotspot)
S4792 - Configuring loggers is security-sensitive (Security Hotspot)
S4834 - Controlling permissions is security-sensitive (Security Hotspot)
S4797 - Handling files is security-sensitive (Security Hotspot)
S4829 - Reading the Standard Input is security-sensitive (Security Hotspot)
S4823 - Using command line arguments is security-sensitive (Security Hotspot)
S4818 - Using Sockets is security-sensitive (Security Hotspot)
S3065 - Min and max used in combination should not always return the same value (Bug)
S3078 - "volatile" variables should not be used with compound operators (Bug)
S2689 - Files opened in append mode should not be used with ObjectOutputStream (Bug)
S3822 - Hibernate should not update database schemas (Bug)
S4517 - InputStream.read() implementation should not return a signed byte (Bug)
S3032 - JEE applications should not "getClassLoader" (Bug)
S3077 - Non-primitive fields should not be "volatile" (Bug)
S2139 - Exceptions should be either logged or rethrown but not both (Code Smell)
S4738 - Java 8 features should be preferred to Guava (Code Smell)
S4838 - An iteration on a Collection should be performed on the type handled by the Collection (Code Smell)
S4682 - "@CheckForNull" or "@Nullable" should not be used on primitive types (Code Smell)
S4925 - "Class.forName()" should not load JDBC 4.0+ drivers (Code Smell)
S4929 - "read(byte[],int,int)" should be overridden (Code Smell)
S4926 - "serialVersionUID" should not be declared blindly (Code Smell)
S4719 - "StandardCharsets" constants should be preferred (Code Smell)
S3864 - "Stream.peek" should not be used (Code Smell)
S3014 - "ThreadGroup" should not be used (Code Smell)
See the release announcement for details.
[Notice] This article is reprinted from: OSChina (开源中国社区) [http://www.oschina.net]