Previous versions of PMD can be downloaded here: https://github.com/pmd/pmd/releases
25-March-2023 - 7.0.0-rc1
We’re excited to bring you the next major version of PMD!
Since this is a big release, we provide here only a concise version of the release notes. We prepared a separate page with the full Detailed Release Notes for PMD 7.0.0.
PMD 7.0.0 is finally almost ready. In order to gather feedback, we are going to ship a couple of release candidates. These are officially available on GitHub and Maven Central and can be used as usual (e.g. as a dependency). We encourage you to try out the new features, but keep in mind that we may introduce API breaking changes between the release candidates. It should be stable enough if you don't use custom rules.
We have still some tasks planned for the next release candidates. You can see the progress in PMD 7 Tracking Issue #3898.
If you find any problem or difficulty while updating from PMD 6, please provide feedback via our issue tracker. That way we can improve the experience for all.
Table Of Contents
- 🚀 Major Features and Enhancements
- 🎉 Language Related Changes
- 🌟 New and changed rules
- 🚨 API
- 💥 Compatibility and migration notes
- 🐛 Fixed Issues
- ✨ External Contributions
- 📈 Stats
🚀 Major Features and Enhancements
New official logo
The new official logo of PMD:
Revamped Java module
- Java grammar substantially refactored - more correct regarding the Java Language Specification (JLS)
- Built-in rules have been upgraded for the changed AST
- Rewritten type resolution framework and symbol table correctly implements the JLS
- AST exposes more semantic information (method calls, field accesses)
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Clément Fournier (@oowekyala), Andreas Dangel (@adangel), Juan Martín Sotuyo Dodero (@jsotuyod)
Revamped Command Line Interface
- unified and consistent Command Line Interface for both Linux/Unix and Windows across our different utilities
- single script
pmd
(pmd.bat
for Windows) to launch the different utilities:pmd check
to run PMD rules and analyze a projectpmd cpd
to run CPD (copy paste detector)pmd designer
to run the PMD Rule Designer
- progress bar support for
pmd check
- shell completion
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Juan Martín Sotuyo Dodero (@jsotuyod)
Full Antlr support
- Antlr based grammars can now be used to build full-fledged PMD rules.
- Previously, Antlr grammar could only be used for CPD
- New supported languages: Swift and Kotlin
For more information, see the Detailed Release Notes for PMD 7.
Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)
🎉 Language Related Changes
Note that this is just a concise listing of the highlight. For more information on the languages, see the Detailed Release Notes for PMD 7.
New: Swift support
- use PMD to analyze Swift code with PMD rules
- initially 4 built-in rules
Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)
New: Kotlin support (experimental)
- use PMD to analyze Kotlin code with PMD rules
- Support for Kotlin 1.8 grammar
- initially 2 built-in rules
Changed: JavaScript support
- latest version supports ES6 and also some new constructs (see Rhino])
- comments are retained
Changed: Language versions
- more predefined language versions for each supported language
- can be used to limit rule execution for specific versions only with
minimumLanguageVersion
andmaximumLanguageVersion
attributes.
🌟 New and changed rules
New Rules
Apex
UnusedMethod
finds unused methods in your code.
Java
UnnecessaryBoxing
reports boxing and unboxing conversions that may be made implicit.
Kotlin
Swift
Changed Rules
Java
UnnecessaryFullyQualifiedName
: the rule has two new properties, to selectively disable reporting on static field and method qualifiers. The rule also has been improved to be more precise.UselessParentheses
: the rule has two new properties which control how strict the rule should be applied. WithignoreClarifying
(default: true) parentheses that are strictly speaking not necessary are allowed, if they separate expressions of different precedence. The other propertyignoreBalancing
(default: true) is similar, in that it allows parentheses that help reading and understanding the expressions.LooseCoupling
: the rule has a new property to allow some types to be coupled to (allowedTypes
).EmptyCatchBlock
:CloneNotSupportedException
andInterruptedException
are not special-cased anymore. Rename the exception parameter toignored
to ignore them.DontImportSun
:sun.misc.Signal
is not special-cased anymore.UseDiamondOperator
: the propertyjava7Compatibility
is removed. The rule now handles Java 7 properly without a property.SingularField
: PropertiescheckInnerClasses
anddisallowNotAssignment
are removed. The rule is now more precise and will check these cases properly.UseUtilityClass
: The propertyignoredAnnotations
has been removed.LawOfDemeter
: the rule has a new propertytrustRadius
. This defines the maximum degree of trusted data. The default of 1 is the most restrictive.CommentContent
: The propertiescaseSensitive
anddisallowedTerms
are removed. The new propertyfobiddenRegex
can be used now to define the disallowed terms with a single regular expression.
Removed Rules
Many rules, that were previously deprecated have been finally removed. See Detailed Release Notes for PMD 7 for the complete list.
🚨 API
The API of PMD has been growing over the years and needed some cleanup. The goal is, to have a clear separation between a well-defined API and the implementation, which is internal. This should help us in future development.
Also, there are some improvement and changes in different areas. For the detailed description of the changes listed here, see Detailed Release Notes for PMD 7.
- Miscellaneous smaller changes and cleanups
- XPath 3.1 support for XPath-based rules
- Node stream API for AST traversal
- Metrics framework
- Testing framework
- Language Lifecycle and Language Properties
💥 Compatibility and migration notes
See Detailed Release Notes for PMD 7.
🐛 Fixed Issues
- miscellaneous
- #881: [all] Breaking API changes for 7.0.0
- #896: [all] Use slf4j
- #1431: [ui] Remove old GUI applications (designerold, bgastviewer)
- #1451: [core] RulesetFactoryCompatibility stores the whole ruleset file in memory as a string
- #2496: Update PMD 7 Logo on landing page
- #2497: PMD 7 Logo page
- #2498: Update PMD 7 Logo in documentation
- #3797: [all] Use JUnit5
- ant
- #4080: [ant] Split off Ant integration into a new submodule
- core
- #880: [core] Make visitors generic
- #1622: [core] NodeStream API
- #1687: [core] Deprecate and Remove XPath 1.0 support
- #1785: [core] Allow abstract node types to be valid rulechain visits
- #1825: [core] Support NoAttribute for XPath
- #2038: [core] Remove DCD
- #2218: [core]
isFindBoundary
should not be an attribute - #2234: [core] Consolidate PMD CLI into a single command
- #2239: [core] Merging Javacc build scripts
- #2518: [core] Language properties
- #2602: [core] Remove ParserOptions
- #2614: [core] Upgrade Saxon, add XPath 3.1, remove Jaxen
- #2696: [core] Remove DFA
- #2821: [core] Rule processing error filenames are missing paths
- #2873: [core] Utility classes in pmd 7
- #2885: [core] Error recovery mode
- #3203: [core] Replace RuleViolationFactory implementations with ViolationDecorator
- #3692: [core] Analysis listeners
- #3782: [core] Language lifecycle
- #3815: [core] Update Saxon HE to 10.7
- #3893: [core] Text documents
- #3902: [core] Violation decorators
- #3918: [core] Make LanguageRegistry non static
- #3922: [core] Better error reporting for the ruleset parser
- #4035: [core] ConcurrentModificationException in DefaultRuleViolationFactory
- #4120: [core] Explicitly name all language versions
- #4353: [core] Micro optimizations for Node API
- #4365: [core] Improve benchmarking
- #4420: [core] Remove PMD.EOL
- cli
- testing
Language specific fixes:
- apex
- apex-design
- #2667: [apex] Integrate nawforce/ApexLink to build robust Unused rule
- java
- #520: [java] Allow
@SuppressWarnings
with constants instead of literals - #864: [java] Similar/duplicated implementations for determining FQCN
- #905: [java] Add new node for anonymous class declaration
- #910: [java] AST inconsistency between primitive and reference type arrays
- #997: [java] Java8 parsing corner case with annotated array types
- #998: [java] AST inconsistencies around FormalParameter
- #1019: [java] Breaking Java Grammar changes for PMD 7.0.0
- #1124: [java] ImmutableList implementation in the qname codebase
- #1128: [java] Improve ASTLocalVariableDeclaration
- #1150: [java] ClassOrInterfaceType AST improvements
- #1207: [java] Resolve explicit types using FQCNs, without hitting the classloader
- #1367: [java] Parsing error on annotated inner class
- #1661: [java] About operator nodes
- #2366: [java] Remove qualified names
- #2819: [java] GLB bugs in pmd 7
- #3763: [java] Ambiguous reference error in valid code
- #3749: [java] Improve
isOverridden
in ASTMethodDeclaration - #3750: [java] Make symbol table support instanceof pattern bindings
- #3752: [java] Expose annotations in symbol API
- #4237: [java] Cleanup handling of Java comments
- #4317: [java] Some AST nodes should not be TypeNodes
- #4359: [java] Type resolution fails with NPE when the scope is not a type declaration
- #4367: [java] Move testrule TypeResTest into internal
- #520: [java] Allow
- java-bestpractices
- #342: [java] AccessorMethodGeneration: Name clash with another public field not properly handled
- #755: [java] AccessorClassGeneration false positive for private constructors
- #770: [java] UnusedPrivateMethod yields false positive for counter-variant arguments
- #807: [java] AccessorMethodGeneration false positive with overloads
- #833: [java] ForLoopCanBeForeach should consider iterating on this
- #1189: [java] UnusedPrivateMethod false positive from inner class via external class
- #1205: [java] Improve ConstantsInInterface message to mention alternatives
- #1212: [java] Don’t raise JUnitTestContainsTooManyAsserts on JUnit 5’s assertAll
- #1422: [java] JUnitTestsShouldIncludeAssert false positive with inherited @Rule field
- #1565: [java] JUnitAssertionsShouldIncludeMessage false positive with AssertJ
- #1747: [java] PreserveStackTrace false-positive
- #1969: [java] MissingOverride false-positive triggered by package-private method overwritten in another package by extending class
- #1998: [java] AccessorClassGeneration false-negative: subclass calls private constructor
- #2130: [java] UnusedLocalVariable: false-negative with array
- #2147: [java] JUnitTestsShouldIncludeAssert - false positives with lambdas and static methods
- #2464: [java] LooseCoupling must ignore class literals: ArrayList.class
- #2542: [java] UseCollectionIsEmpty can not detect the case
foo.bar().size()
- #2650: [java] UseTryWithResources false positive when AutoCloseable helper used
- #2796: [java] UnusedAssignment false positive with call chains
- #2797: [java] MissingOverride long-standing issues
- #2806: [java] SwitchStmtsShouldHaveDefault false-positive with Java 14 switch non-fallthrough branches
- #2822: [java] LooseCoupling rule: Extend to cover user defined implementations and interfaces
- #2843: [java] Fix UnusedAssignment FP with field accesses
- #2882: [java] UseTryWithResources - false negative for explicit close
- #2883: [java] JUnitAssertionsShouldIncludeMessage false positive with method call
- #2890: [java] UnusedPrivateMethod false positive with generics
- #2946: [java] SwitchStmtsShouldHaveDefault false positive on enum inside enums
- #3672: [java] LooseCoupling - fix false positive with generics
- #3675: [java] MissingOverride - fix false positive with mixing type vars
- java-codestyle
- #1208: [java] PrematureDeclaration rule false-positive on variable declared to measure time
- #1429: [java] PrematureDeclaration as result of method call (false positive)
- #1673: [java] UselessParentheses false positive with conditional operator
- #1790: [java] UnnecessaryFullyQualifiedName false positive with enum constant
- #1918: [java] UselessParentheses false positive with boolean operators
- #2134: [java] PreserveStackTrace not handling
Throwable.addSuppressed(...)
- #2299: [java] UnnecessaryFullyQualifiedName false positive with similar package name
- #2391: [java] UseDiamondOperator FP when expected type and constructed type have a different parameterization
- #2528: [java] MethodNamingConventions - JUnit 5 method naming not support ParameterizedTest
- #2739: [java] UselessParentheses false positive for string concatenation
- #2748: [java] UnnecessaryCast false positive with unchecked cast
- #2973: [java] New rule: UnnecessaryBoxing
- #3195: [java] Improve rule UnnecessaryReturn to detect more cases
- #3218: [java] Generalize UnnecessaryCast to flag all unnecessary casts
- #3221: [java] PrematureDeclaration false positive for unused variables
- #3238: [java] Improve ExprContext, fix FNs of UnnecessaryCast
- #3500: [java] UnnecessaryBoxing - check for Integer.valueOf(String) calls
- #4357: [java] Fix IllegalStateException in UseDiamondOperator rule
- java-design
- #1014: [java] LawOfDemeter: False positive with lambda expression
- #1605: [java] LawOfDemeter: False positive for standard UTF-8 charset name
- #2175: [java] LawOfDemeter: False positive for chained methods with generic method call
- #2179: [java] LawOfDemeter: False positive with static property access - should treat class-level property as global object, not dot-accessed property
- #2180: [java] LawOfDemeter: False positive with Thread and ThreadLocalRandom
- #2182: [java] LawOfDemeter: False positive with package-private access
- #2188: [java] LawOfDemeter: False positive with fields assigned to local vars
- #2536: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal can’t detect inner class
- #3668: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal - fix FP with inner private classes
- #3754: [java] SingularField false positive with read in while condition
- #3786: [java] SimplifyBooleanReturns should consider operator precedence
- #4238: [java] Make LawOfDemeter not use the rulechain
- java-documentation
- java-errorprone
- #659: [java] MissingBreakInSwitch - last default case does not contain a break
- #1005: [java] CloneMethodMustImplementCloneable triggers for interfaces
- #1669: [java] NullAssignment - FP with ternay and null as constructor argument
- #1899: [java] Recognize @SuppressWanings(“fallthrough”) for MissingBreakInSwitch
- #2320: [java] NullAssignment - FP with ternary and null as method argument
- #2532: [java] AvoidDecimalLiteralsInBigDecimalConstructor can not detect the case
new BigDecimal(Expression)
- #2579: [java] MissingBreakInSwitch detects the lack of break in the last case
- #2880: [java] CompareObjectsWithEquals - false negative with type res
- #2893: [java] Remove special cases from rule EmptyCatchBlock
- #2894: [java] Improve MissingBreakInSwitch
- #3071: [java] BrokenNullCheck FP with PMD 6.30.0
- #3087: [java] UnnecessaryBooleanAssertion overlaps with SimplifiableTestAssertion
- #3100: [java] UseCorrectExceptionLogging FP in 6.31.0
- #3173: [java] UseProperClassLoader false positive
- #3351: [java] ConstructorCallsOverridableMethod ignores abstract methods
- #3400: [java] AvoidUsingOctalValues FN with underscores
- #4356: [java] Fix NPE in CloseResourceRule
- java-multithreading
- java-performance
- kotlin
- swift
- xml
- #1800: [xml] Unimplement org.w3c.dom.Node from the XmlNodeWrapper
✨ External Contributions
- #1658: [core] Node support for Antlr-based languages - Matías Fraga (@matifraga)
- #1698: [core] [swift] Antlr Base Parser adapter and Swift Implementation - Lucas Soncini (@lsoncini)
- #1774: [core] Antlr visitor rules - Lucas Soncini (@lsoncini)
- #1877: [swift] Feature/swift rules - Matías Fraga (@matifraga)
- #1881: [doc] Add ANTLR documentation - Matías Fraga (@matifraga)
- #1882: [swift] UnavailableFunction Swift rule - Tomás de Lucca (@tomidelucca)
- #2830: [apex] Apexlink POC - Kevin Jones (@nawforce)
- #3866: [core] Add CLI Progress Bar - @JerritEic (@JerritEic)
- #4412: [doc] Added new error msg to ConstantsInInterface - David Ljunggren (@dague1)
- #4428: [apex] ApexBadCrypto bug fix for #4427 - inline detection of hard coded values - Steven Stearns (@sfdcsteve)
📈 Stats
- 4416 commits
- 464 closed tickets & PRs
- Days since last release: 28
25-February-2023 - 6.55.0
The PMD team is pleased to announce PMD 6.55.0.
This is a minor release.
Table Of Contents
New and noteworthy
PMD 7 Development
This release is the last planned release of PMD 6. The first version 6.0.0 was released in December 2017. Over the course of more than 5 years we published almost every month a new minor version of PMD 6 with new features and improvements.
Already in November 2018 we started in parallel the development of the next major version 7.0.0, and we are now in the process of finalizing the scope of the major version. We want to release a couple of release candidates before publishing the final version 7.0.0.
We plan to release 7.0.0-rc1 soon. You can see the progress in PMD 7 Tracking Issue #3898.
Java 20 Support
This release of PMD brings support for Java 20. There are no new standard language features.
PMD supports JEP 433: Pattern Matching for switch (Fourth Preview) and JEP 432: Record Patterns (Second Preview) as preview language features.
In order to analyze a project with PMD that uses these language features,
you’ll need to enable it via the environment variable PMD_JAVA_OPTS
and select the new language
version 20-preview
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd --use-version java-20-preview ...
T-SQL support
Thanks to the contribution from Paul Guyot PMD now has CPD support for T-SQL (Transact-SQL).
Being based on a proper Antlr grammar, CPD can:
- ignore comments
- honor comment-based suppressions
Fixed Issues
- core
- #4395: [core] Support environment variable CLASSPATH with pmd.bat under Windows
- java
- #4333: [java] Support JDK 20
- java-errorprone
- #4393: [java] MissingStaticMethodInNonInstantiatableClass false-positive for Lombok’s @UtilityClass for classes with non-private fields
API Changes
Go
- The LanguageModule of Go, that only supports CPD execution, has been deprecated. This language is not fully supported by PMD, so having a language module does not make sense. The functionality of CPD is not affected by this change. The following class has been deprecated and will be removed with PMD 7.0.0:
Java
- Support for Java 18 preview language features have been removed. The version “18-preview” is no longer available.
- The experimental class
net.sourceforge.pmd.lang.java.ast.ASTGuardedPattern
has been removed.
External Contributions
- #4384: [swift] Add more swift 5.x support (#unavailable mainly) - Richard B. (@kenji21)
- #4390: Add support for T-SQL using Antlr4 lexer - Paul Guyot (@pguyot)
- #4392: [java] Fix #4393 MissingStaticMethodInNonInstantiatableClass: Fix false-positive for field-only class - Dawid Ciok (@dawiddc)
Stats
- 40 commits
- 11 closed tickets & PRs
- Days since last release: 28
28-January-2023 - 6.54.0
The PMD team is pleased to announce PMD 6.54.0.
This is a minor release.
Table Of Contents
New and noteworthy
New report format html-report-v2.xslt
Thanks to @mohan-chinnappan-n a new PMD report format has been added which features a data table with charting functions. It uses an XSLT stylesheet to convert PMD’s XML format into HTML.
See the example report.
Fixed Issues
- apex-bestpractices
- #2669: [apex] UnusedLocalVariable false positive in dynamic SOQL
- core
- java
- #4364: [java] Parsing error with textblock containing quote followed by two backslashes
- testing
- #4236: [test] kotest logs look broken
API Changes
PMD CLI
- PMD now supports a new
--relativize-paths-with
flag (or short-z
), which replaces--short-names
. It serves the same purpose: Shortening the pathnames in the reports. However, with the new flag it’s possible to explicitly define one or more pathnames that should be used as the base when creating relative paths. The old flag--short-names
is deprecated.
Deprecated APIs
For removal
ApexRootNode#getApexVersion
has been deprecated for removal. The version returned is alwaysVersion.CURRENT
, as the apex compiler integration doesn’t use additional information which Apex version actually is used. Therefore, this method can’t be used to determine the Apex version of the project that is being analyzed.CPDConfiguration#setEncoding
andCPDConfiguration#getEncoding
. Use the methodsgetSourceEncoding
andsetSourceEncoding
instead. Both are available forCPDConfiguration
which extendsAbstractConfiguration
.BaseCLITest
andBaseCPDCLITest
have been deprecated for removal without replacement. CLI tests should be done in pmd-core only (and in PMD7 in pmd-cli). Individual language modules shouldn’t need to test the CLI integration logic again. Instead, the individual language modules should test their functionality as unit tests.-
FileCollector#addZipFile
has been deprecated. It is replaced byFileCollector#addZipFileWithContent
which directly adds the content of the zip file for analysis. PMDConfiguration#setReportShortNames
andPMDConfiguration#isReportShortNames
have been deprecated for removal. UsePMDConfiguration#addRelativizeRoot
instead.
Internal APIs
CSVWriter
- Some fields in
AbstractAntTestHelper
Experimental APIs
- CPDReport has a new method which limited mutation of a given report:
filterMatches
creates a new CPD report with some matches removed with a given predicate based filter.
External Contributions
- #4110: [apex] Feature/unused variable bind false positive with dynamic SOQL - Thomas Prouvot (@tprouvot)
- #4125: [core] New report format html-report-v2.xslt to provide html with datatable and chart features - Mohan Chinnappan - (@mohan-chinnappan-n)
- #4280: [apex] Deprecate ApexRootNode.getApexVersion - Aaron Hurst (@aaronhurst-google)
- #4285: [java] CommentDefaultAccessModifier - add co.elastic.clients.util.VisibleForTesting as default suppressed annotation - Matthew Luckam (@mluckam)
Stats
- 107 commits
- 19 closed tickets & PRs
- Days since last release: 27
31-December-2022 - 6.53.0
The PMD team is pleased to announce PMD 6.53.0.
This is a minor release.
Table Of Contents
New and noteworthy
Modified rules
- The Java rule
UnusedPrivateField
has a new propertyreportForAnnotations
. This is a list of fully qualified names of the annotation types that should be reported anyway. If an unused field has any of these annotations, then it is reported. If it has any other annotation, then it is still considered to be used and is not reported.
Deprecated rules
-
The Java rules
ExcessiveClassLength
andExcessiveMethodLength
have been deprecated. The ruleNcssCount
can be used instead. The deprecated rules will be removed with PMD 7.0.0. -
The Java rule
EmptyStatementNotInLoop
is deprecated. Use the ruleUnnecessarySemicolon
instead. Note: Actually it was announced to be deprecated since 6.46.0 but the rule was not marked as deprecated yet. This has been done now.
Fixed Issues
- core
- #4248: [core] Can’t analyze sources in zip files
- apex-security
- #4146: [apex] ApexCRUDViolation: Recognize User Mode in SOQL + DML
- java
- #4266: [java] PMD fails to process a record with lambda in compact constructor
- java-bestpractices
- java-design
- #2127: [java] Deprecate rules ExcessiveClassLength and ExcessiveMethodLength
- java-errorprone
- #4164: [java][doc] AvoidAssertAsIdentifier and AvoidEnumAsIdentifier - clarify use case
- java-multithreading
- #4210: [java] DoNotUseThreads report duplicate warnings
API Changes
Deprecated APIs
For removal
These classes / APIs have been deprecated and will be removed with PMD 7.0.0.
ExcessiveLengthRule
(Java)
External Contributions
- #4244: [apex] ApexCRUDViolation: user mode and system mode with test cases added - Tarush Singh (@Tarush-Singh35)
- #4274: [java] Fix finding lambda scope in record compact constructor - kdebski85 (@kdebski85)
Stats
- 43 commits
- 17 closed tickets & PRs
- Days since last release: 35
26-November-2022 - 6.52.0
The PMD team is pleased to announce PMD 6.52.0.
This is a minor release.
Table Of Contents
New and noteworthy
New rules
- The new Java rule
InvalidJavaBean
identifies beans, that don’t follow the JavaBeans API specification, like beans with missing getters or setters.
<rule ref="category/java/design.xml/InvalidJavaBean"/>
Renamed rules
-
The Java rule
BeanMembersShouldSerialize
has been renamed toNonSerializableClass
. It has been revamped to only check for classes that are marked withSerializable
and reports each field in it, that is not serializable.The property
prefix
has been deprecated, since in a serializable class all fields have to be serializable regardless of the name.
Modified rules
-
The rule
ClassNamingConventions
has a new propertytestClassPattern
, which is applied to test classes. By default, test classes should end with the suffix “Test”. Test classes are top-level classes, that either inherit from JUnit 3 TestCase or have at least one method annotated with the Test annotations from JUnit4/5 or TestNG. -
The property
ignoredAnnotations
of ruleImmutableField
has been deprecated and doesn’t have any effect anymore. Since PMD 6.47.0, the rule only considers fields, that are initialized once and never changed. If the field is just declared but never explicitly initialized, it won’t be reported. That’s the typical case when a framework sets the field value by reflection. Therefore, the property is not needed anymore. If there is a special case where this rule misidentifies fields as immutable, then the rule should be suppressed for these fields explicitly.
Fixed Issues
- cli
- #4215: NullPointerException when trying to open designer
- doc
- #4207: [doc] List all languages in rule doc
- java
- java-codestyle
- java-design
- #4175: [java] ImmutableField - deprecate property
ignoredAnnotations
- #4177: [java] New Rule InvalidJavaBean
- #4188: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal false positive with Lombok’s @NoArgsConstructor
- #4189: [java] AbstractClassWithoutAnyMethod should consider lombok’s @AllArgsConstructor
- #4200: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal should consider lombok’s @Value
- #4175: [java] ImmutableField - deprecate property
- java-errorprone
- #1668: [java] BeanMembersShouldSerialize is extremely noisy
- #4172: [java] InvalidLogMessageFormat false positive on externally formatted strings
- #4174: [java] MissingStaticMethodInNonInstantiatableClass does not consider nested builder class
- #4176: [java] Rename BeanMembersShouldSerialize to NonSerializableClass
- #4185: [java] InvalidLogMessageFormat rule produces a NPE
- #4224: [java] MissingStaticMethodInNonInstantiatableClass should consider Lombok’s @UtilityClass
- #4225: [java] MissingStaticMethodInNonInstantiatableClass should consider Lombok’s @NoArgsConstructor
- java-performance
- #4183: [java] AvoidArrayLoops regression: from false negative to false positive with final variables
API Changes
PMD CLI
-
PMD now supports a new
--use-version
flag, which receives a language-version pair (such asjava-8
orapex-54
). This supersedes the usage of-language
/-l
and-version
/-v
, allowing for multiple versions to be set in a single run. PMD 7 will completely remove support for-language
and-version
in favor of this new flag. -
Support for
-V
is being deprecated in favor of--verbose
in preparation for PMD 7. In PMD 7,-v
will enable verbose mode and-V
will show the PMD version for consistency with most Unix/Linux tools. -
Support for
-min
is being deprecated in favor of--minimum-priority
for consistency with most Unix/Linux tools, where-min
would be equivalent to-m -i -n
.
CPD CLI
- CPD now supports using
-d
or--dir
as an alias to--files
, in favor of consistency with PMD. PMD 7 will remove support for--files
in favor of these new flags.
Linux run.sh parameters
-
Using
run.sh cpdgui
will now warn about it being deprecated. Userun.sh cpd-gui
instead. -
The old designer (
run.sh designerold
) is completely deprecated and will be removed in PMD 7. Switch to the new JavaFX designer:run.sh designer
. -
The old visual AST viewer (
run.sh bgastviewer
) is completely deprecated and will be removed in PMD 7. Switch to the new JavaFX designer:run.sh designer
for a visual tool, or userun.sh ast-dump
for a text-based alternative.
Deprecated API
- The following core APIs have been marked as deprecated for removal in PMD 7:
PMD
andPMD.StatusCode
- PMD 7 will ship with a revamped CLI split from pmd-core. To programmatically launch analysis you can usePmdAnalysis
.PMDConfiguration#getAllInputPaths
- It is now superseded byPMDConfiguration#getInputPathList
PMDConfiguration#setInputPaths
- It is now superseded byPMDConfiguration#setInputPathList
PMDConfiguration#addInputPath
- It is now superseded byPMDConfiguration#addInputPath
PMDConfiguration#getInputFilePath
- It is now superseded byPMDConfiguration#getInputFile
PMDConfiguration#getIgnoreFilePath
- It is now superseded byPMDConfiguration#getIgnoreFile
PMDConfiguration#setInputFilePath
- It is now superseded byPMDConfiguration#setInputFilePath
PMDConfiguration#setIgnoreFilePath
- It is now superseded byPMDConfiguration#setIgnoreFilePath
PMDConfiguration#getInputUri
- It is now superseded byPMDConfiguration#getUri
PMDConfiguration#setInputUri
- It is now superseded byPMDConfiguration#setInputUri
PMDConfiguration#getReportFile
- It is now superseded byPMDConfiguration#getReportFilePath
PMDConfiguration#setReportFile
- It is now superseded byPMDConfiguration#setReportFile
PMDConfiguration#isStressTest
andPMDConfiguration#setStressTest
- Will be removed with no replacement.PMDConfiguration#isBenchmark
andPMDConfiguration#setBenchmark
- Will be removed with no replacement, the CLI will still support it.CPD
andCPD.StatusCode
- PMD 7 will ship with a revamped CLI split from pmd-core. An alterative to programatically launch CPD analysis will be added in due time.
- In order to reduce the dependency on Apex Jorje classes, the method
DataType#fromBasicType
has been deprecated. The equivalent methodfromTypeName
should be used instead.
External Contributions
- #4184: [java][doc] TestClassWithoutTestCases - fix small typo in description - Valery Yatsynovich (@valfirst)
- #4198: [doc] Add supported CPD languages - Jeroen van Wilgenburg (@jvwilge)
- #4202: [java] Fix #4200 and #4201: ClassWithOnlyPrivateConstructorsShouldBeFinal, CommentDefaultAccessModifier: Exclude lombok @Value annotation - Lynn (@LynnBroe)
- #4205: [doc] Clarify Scala support (no built-in rules) - Eldrick Wega (@Eldrick19)
- #4226: [visualforce] Replace uses of Jorje types in pmd-visualforce - Aaron Hurst (@aaronhurst-google)
- #4227: [java] Fix #4225 MissingStaticMethodInNonInstantiatableClass: Exclude lombok’s @NoArgsConstructor annotation - Lynn (@LynnBroe)
- #4228: [java] Fix #4224 MissingStaticMethodInNonInstantiatableClass: Exclude lombok’s UtilityClass - Lynn (@LynnBroe)
- #4232: [doc] Fixing typos - Andreas Deininger (@deining)
Stats
- 96 commits
- 40 closed tickets & PRs
- Days since last release: 28
29-October-2022 - 6.51.0
The PMD team is pleased to announce PMD 6.51.0.
This is a minor release.
Table Of Contents
New and noteworthy
New Rules
- The new Apex rule
ApexUnitTestClassShouldHaveRunAs
ensures that unit tests use System.runAs() at least once. This makes the tests more robust, and independent from the user running it.
<rule ref="category/apex/bestpractices.xml/ApexUnitTestClassShouldHaveRunAs"/>
The rule is part of the quickstart.xml ruleset.
Modified Rules
- The Java rule
TestClassWithoutTestCases
has a new propertytestClassPattern
. This is used to detect empty test classes by name. Previously this rule could only detect empty JUnit3 test cases properly. To switch back to the old behavior, this property can be set to an empty value which disables the test class detection by pattern.
Fixed Issues
- apex
- #4149: [apex] New rule: ApexUnitTestClassShouldHaveRunAs
- doc
- java-bestpractices
- #4140: [java] [doc] AccessorClassGeneration violations hidden with Java 11
- java-codestyle
- #4139: [java] UnnecessaryFullyQualifiedName FP when the same simple class name exists in the current package
- java-documentation
- #4141: [java] UncommentedEmptyConstructor FP when constructor annotated with @Autowired
- java-performance
- #1167: [java] AvoidArrayLoops false positive on double assignment
- #2080: [java] StringToString rule false-positive with field access
- #2692: [java] [doc] AvoidArrayLoops flags copy assignment in same array as sub-optimal
- #3437: [java] StringToString doesn’t trigger on Bar.class.getSimpleName().toString()
- #3681: [java] StringToString doesn’t trigger on string literals
- #3847: [java] AvoidArrayLoops should consider final variables
- #3977: [java] StringToString false-positive with local method name confusion
- #4091: [java] AvoidArrayLoops false negative with do-while loops
- #4148: [java] UseArrayListInsteadOfVector ignores Vector when other classes are imported
- java-errorprone
- javascript
- #4165: [javascript] InaccurateNumericLiteral underscore separator notation false positive
API Changes
No changes.
External Contributions
- #4142: [java] fix #4141 Update UncommentedEmptyConstructor - ignore @Autowired annotations - Lynn (@LynnBroe)
- #4147: [java] Added support for Do-While for AvoidArrayLoops - Yasar Shaikh (@yasarshaikh)
- #4150: [apex] New rule ApexUnitTestClassShouldHaveRunAs #4149 - Thomas Prouvot (@tprouvot)
Stats
- 63 commits
- 28 closed tickets & PRs
- Days since last release: 28
30-September-2022 - 6.50.0
The PMD team is pleased to announce PMD 6.50.0.
This is a minor release.
Table Of Contents
New and noteworthy
Lua now supports additionally Luau
This release of PMD adds support for Luau, a gradually typed language derived from Lua. This means, that the Lua language in PMD can now parse both Lua and Luau.
Modified rules
- The Java rule
UnusedPrivateField
now ignores private fields, if the fields are annotated with any annotation or the enclosing class has any annotation. Annotations often enable a framework (such as dependency injection, mocking or e.g. Lombok) which use the fields by reflection or other means. This usage can’t be detected by static code analysis. Previously these frameworks where explicitly allowed by listing their annotations in the property “ignoredAnnotations”, but that turned out to be prone of false positive for any not explicitly considered framework. That’s why the property “ignoredAnnotations” has been deprecated for this rule. - The Java rule
CommentDefaultAccessModifier
now by default ignores JUnit5 annotated methods. This behavior can be customized using the propertyignoredAnnotations
.
Fixed Issues
- cli
- #4118: [cli] run.sh designer reports “integer expression expected”
- core
- #4116: [core] Missing –file arg in TreeExport CLI example
- doc
- java
- #3431: [java] Add sample java project to regression-tester which uses new language constructs
- java-bestpractices
- java-codestyle
- #3859: [java] CommentDefaultAccessModifier is triggered in JUnit5 test class
- #4085: [java] UnnecessaryFullyQualifiedName false positive when nested and non-nested classes with the same name and in the same package are used together
- #4133: [java] UnnecessaryFullyQualifiedName - FP for inner class pkg.ClassA.Foo implementing pkg.Foo
- java-design
- #4090: [java] FinalFieldCouldBeStatic false positive with non-static synchronized block (regression in 6.48, worked with 6.47)
- java-errorprone
- scala
- #4138: [scala] Upgrade scala-library to 2.12.7 / 2.13.9 and scalameta to 4.6.0
API Changes
CPD CLI
- CPD now supports the
--ignore-literal-sequences
argument when analyzing Lua code.
Financial Contributions
Many thanks to our sponsors:
- Oliver Siegmar (@osiegmar)
External Contributions
- #4066: [lua] Add support for Luau syntax and skipping literal sequences in CPD - Matt Hargett (@matthargett)
- #4100: [java] Update UnusedPrivateFieldRule - ignore any annotations - Lynn (@LynnBroe)
- #4116: [core] Fix missing –file arg in TreeExport CLI example - mohan-chinnappan-n (@mohan-chinnappan-n)
- #4124: [doc] Fix typos in Java rule docs - Piotrek Żygieło (@pzygielo)
- #4128: [java] Fix False-positive UnnecessaryFullyQualifiedName when nested and non-nest… #4103 - Oleg Andreych (@OlegAndreych)
- #4130: [ci] GitHub Workflows security hardening - Alex (@sashashura)
- #4131: [doc] TooFewBranchesForASwitchStatement - Use “if-else” instead of “if-then” - Suvashri (@Suvashri)
- #4137: [java] Fixes 3859: Exclude junit5 test methods from the commentDefaultAccessModifierRule - Luis Alcantar (@lfalcantar)
Stats
- 100 commits
- 26 closed tickets & PRs
- Days since last release: 29
31-August-2022 - 6.49.0
The PMD team is pleased to announce PMD 6.49.0.
This is a minor release.
Table Of Contents
New and noteworthy
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
Fixed Issues
- apex
- #4096: [apex] ApexAssertionsShouldIncludeMessage and ApexUnitTestClassShouldHaveAsserts: support new Assert class (introduced with Apex v56.0)
- core
- #3970: [core] FileCollector.addFile ignores language parameter
- java-codestyle
- #4082: [java] UnnecessaryImport false positive for on-demand imports of nested classes
API Changes
Deprecated API
- In order to reduce the dependency on Apex Jorje classes, the following methods have been deprecated.
These methods all leaked internal Jorje enums. These enums have been replaced now by enums the
PMD’s AST package.
ASTAssignmentExpression#getOperator
ASTBinaryExpression#getOperator
ASTBooleanExpression#getOperator
ASTPostfixExpression#getOperator
ASTPrefixExpression#getOperator
All these classes have now a new
getOp()
method. Existing code should be refactored to use this method instead. It returns the new enums, likeAssignmentOperator
, and avoids the dependency to Jorje.
External Contributions
- #4081: [apex] Remove Jorje leaks outside
ast
package - @eklimo - #4083: [java] UnnecessaryImport false positive for on-demand imports of nested classes (fix for #4082) - @abyss638
- #4092: [apex] Implement ApexQualifiableNode for ASTUserEnum - @aaronhurst-google
- #4095: [core] CPD: Added begin and end token to XML reports - @pacvz
- #4097: [apex] ApexUnitTestClassShouldHaveAssertsRule: Support new Assert class (Apex v56.0) - @tprouvot
- #4104: [doc] Add MegaLinter in the list of integrations - @nvuillam
Stats
- 49 commits
- 10 closed tickets & PRs
- Days since last release: 32
30-July-2022 - 6.48.0
The PMD team is pleased to announce PMD 6.48.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 19 Support
This release of PMD brings support for Java 19. There are no new standard language features.
PMD supports JEP 427: Pattern Matching for switch (Third Preview) and JEP 405: Record Patterns (Preview) as preview language features.
In order to analyze a project with PMD that uses these language features,
you’ll need to enable it via the environment variable PMD_JAVA_OPTS
and select the new language
version 19-preview
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 19-preview ...
Note: Support for Java 17 preview language features have been removed. The version “17-preview” is no longer available.
Gherkin support
Thanks to the contribution from Anne Brouwers PMD now has CPD support for the Gherkin language. It is used to defined test cases for the Cucumber testing tool for behavior-driven development.
Being based on a proper Antlr grammar, CPD can:
- ignore comments
- honor comment-based suppressions
Fixed Issues
- apex
- #4056: [apex] ApexSOQLInjection: Add support count query
- core
- #3796: [core] CPD should also provide a
--debug
flag - #4021: [core] CPD: Add total number of tokens to XML reports
- #4031: [core] If report is written to stdout, stdout should not be closed
- #4051: [doc] Additional rulesets are not listed in documentation
- #4053: [core] Allow building PMD under Java 18+
- #3796: [core] CPD should also provide a
- java
- #4015: [java] Support JDK 19
- java-bestpractices
- #3455: [java] WhileLoopWithLiteralBoolean - false negative with complex expressions
- java-design
- java-performance
- #3625: [java] AddEmptyString - false negative with empty var
- lua
- #4061: [lua] Fix several related Lua parsing issues found when using CPD
- test
API Changes
CPD CLI
- CPD has a new CLI option
--debug
. This option has the same behavior as in PMD. It enables more verbose logging output.
Rule Test Framework
- The module “pmd-test”, which contains support classes to write rule tests, now requires Java 8. If you depend on this module for testing your own custom rules, you’ll need to make sure to use at least Java 8.
- The new module “pmd-test-schema” contains now the XSD schema and the code to parse the rule test XML files. The schema has been extracted in order to easily share it with other tools like the Rule Designer or IDE plugins.
- Test schema changes:
- The attribute
isRegressionTest
oftest-code
is deprecated. The new attributedisabled
should be used instead for defining whether a rule test should be skipped or not. - The attributes
reinitializeRule
anduseAuxClasspath
oftest-code
are deprecated and assumed true. They will not be replaced. - The new attribute
focused
oftest-code
allows disabling all tests except the focused one temporarily.
- The attribute
- More information about the rule test framework can be found in the documentation: Testing your rules
Deprecated API
- The experimental Java AST class
ASTGuardedPattern
has been deprecated and will be removed. It was introduced for Java 17 and Java 18 Preview as part of pattern matching for switch, but it is no longer supported with Java 19 Preview. - The interface
CPDRenderer
is deprecated. For custom CPD renderers the new interfaceCPDReportRenderer
should be used. - The class
TestDescriptor
is deprecated, replaced withRuleTestDescriptor
. - Many methods of
RuleTst
have been deprecated as internal API.
Experimental APIs
- To support the Java preview language features “Pattern Matching for Switch” and “Record Patterns”, the following AST nodes have been introduced as experimental:
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
CPDConfiguration#setRenderer
CPDConfiguration#setCPDRenderer
CPDConfiguration#getRenderer
CPDConfiguration#getCPDRenderer
CPDConfiguration#getRendererFromString
CPDConfiguration#getCPDRendererFromString
CPDRendererAdapter
Financial Contributions
Many thanks to our sponsors:
- Matt Hargett (@matthargett)
External Contributions
- #3984: [java] Fix AddEmptyString false-negative issue - @LiGaOg
- #3988: [java] Modify WhileLoopWithLiteralBoolean to meet the missing case #3455 - @VoidxHoshi
- #3992: [java] FinalFieldCouldBeStatic - fix false negative with unnecessary parenthesis - @dalizi007
- #3994: [java] TooManyMethods - improve getter/setter detection (#3729) - @341816041
- #4017: Add Gherkin support to CPD - @ASBrouwers
- #4021: [core] CPD: Add total number of tokens to XML reports - @maikelsteneker
- #4056: [apex] ApexSOQLInjection: Add support count query - @gwilymatgearset
- #4061: [lua] Fix several related Lua parsing issues found when using CPD - @matthargett
Stats
- 102 commits
- 26 closed tickets & PRs
- Days since last release: 35
25-June-2022 - 6.47.0
The PMD team is pleased to announce PMD 6.47.0.
This is a minor release.
Table Of Contents
Fixed Issues
- core
- java-bestpractices
- java-design
- #3823: [java] ImmutableField: Do not flag fields in @Entity
- #3981: [java] ImmutableField reports fields annotated with @Value (Spring)
- #3998: [java] ImmutableField reports fields annotated with @Captor (Mockito)
- #4004: [java] ImmutableField reports fields annotated with @GwtMock (GwtMockito) and @Spy (Mockito)
- #4008: [java] ImmutableField not reporting fields that are only initialized in the declaration
- #4011: [java] ImmutableField: Do not flag fields annotated with @Inject
- #4020: [java] ImmutableField reports fields annotated with @FindBy and @FindBys (Selenium)
- java-errorprone
API Changes
No changes.
External Contributions
- #3985: [java] Fix false negative problem about Enum in AvoidFieldNameMatchingMethodName #3936 - @Scrsloota
- #3993: [java] AvoidDuplicateLiterals - Add the method “buz” definition to test cases - @dalizi007
- #4002: [java] ImmutableField - Ignore fields annotated with @Value (Spring) or @Captor (Mockito) - @jjlharrison
- #4003: [java] UnusedPrivateField - Ignore fields annotated with @Id/@EmbeddedId/@Version (JPA) or @Mock/@Spy/@MockBean (Mockito/Spring) - @jjlharrison
- #4006: [doc] Fix eclipse plugin update site URL - @shiomiyan
- #4010: [core] Bump kotlin to version 1.7.0 - @maikelsteneker
Stats
- 45 commits
- 23 closed tickets & PRs
- Days since last release: 27
28-May-2022 - 6.46.0
The PMD team is pleased to announce PMD 6.46.0.
This is a minor release.
Table Of Contents
New and noteworthy
CLI improvements
The PMD CLI now allows repeating the --dir
(-d
) and --rulesets
(-R
) options,
as well as providing several space-separated arguments to either of them. For instance:
pmd -d src/main/java src/test/java -R rset1.xml -R rset2.xml
This also allows globs to be used on the CLI if your shell supports shell expansion. For instance, the above can be written
pmd -d src/*/java -R rset*.xml
Please use theses new forms instead of using comma-separated lists as argument to these options.
C# Improvements
When executing CPD on C# sources, the option --ignore-annotations
is now supported as well.
It ignores C# attributes when detecting duplicated code. This option can also be enabled via
the CPD GUI. See #3974 for details.
New Rules
This release ships with 2 new Java rules.
-
EmptyControlStatement
reports many instances of empty things, e.g. control statements whose body is empty, as well as empty initializers.EmptyControlStatement also works for empty
for
anddo
loops, while there were previously no corresponding rules.This new rule replaces the rules EmptyFinallyBlock, EmptyIfStmt, EmptyInitializer, EmptyStatementBlock, EmptySwitchStatements, EmptySynchronizedBlock, EmptyTryBlock, and EmptyWhileStmt.
<rule ref="category/java/codestyle.xml/EmptyControlStatement"/>
The rule is part of the quickstart.xml ruleset.
-
UnnecessarySemicolon
reports semicolons that are unnecessary (so called “empty statements” and “empty declarations”).This new rule replaces the rule EmptyStatementNotInLoop.
<rule ref="category/java/codestyle.xml/UnnecessarySemicolon"/>
The rule is part of the quickstart.xml ruleset.
Deprecated Rules
- The following Java rules are deprecated and removed from the quickstart ruleset, as the new rule
EmptyControlStatement
merges their functionality: - The Java rule
EmptyStatementNotInLoop
is deprecated and removed from the quickstart ruleset. Use the new ruleUnnecessarySemicolon
instead.
Fixed Issues
- cli
- #1445: [core] Allow CLI to take globs as parameters
- core
- cs (c#)
- #3974: [cs] Add option to ignore C# attributes (annotations)
- go
- #2752: [go] Error parsing unicode values
- html
- java
- #3423: [java] Error processing identifiers with Unicode
- java-bestpractices
- #3954: [java] NPE in UseCollectionIsEmptyRule when .size() is called in a record
- java-design
- #3874: [java] ImmutableField reports fields annotated with @Autowired (Spring) and @Mock (Mockito)
- java-errorprone
- #3096: [java] EmptyStatementNotInLoop FP in 6.30.0 with IfStatement
- java-performance
- javascript
- python
- #2604: [python] Support unicode identifiers
API Changes
Deprecated ruleset references
Ruleset references with the following formats are now deprecated and will produce a warning when used on the CLI or in a ruleset XML file:
<lang-name>-<ruleset-name>
, egjava-basic
, which resolves torulesets/java/basic.xml
- the internal release number, eg
600
, which resolves torulesets/releases/600.xml
Use the explicit forms of these references to be compatible with PMD 7.
Deprecated API
toString
is now deprecated. The format of this method will remain the same until PMD 7. The deprecation is intended to steer users away from relying on this format, as it may be changed in PMD 7.getInputPaths
andsetInputPaths
are now deprecated. A new set of methods have been added, which use lists and do not rely on comma splitting.
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
CPDCommandLineInterface
has been internalized. In order to execute CPD eitherCPD#run
orCPD#main
should be used.- Several members of
BaseCPDCLITest
have been deprecated with replacements. - The methods
Formatter#start
,Formatter#end
,Formatter#getRenderer
, andFormatter#isNoOutputSupplied
have been internalized.
External Contributions
- #3961: [java] Fix #3954 - NPE in UseCollectionIsEmptyRule with record - @flyhard
- #3964: [java] Fix #3874 - ImmutableField: fix mockito/spring false positives - @lukelukes
- #3974: [cs] Add option to ignore C# attributes (annotations) - @maikelsteneker
Stats
- 92 commits
- 30 closed tickets & PRs
- Days since last release: 28
30-April-2022 - 6.45.0
The PMD team is pleased to announce PMD 6.45.0.
This is a minor release.
Table Of Contents
New and noteworthy
PMD User Survey
Help shape the future of PMD by telling us how you use it.
Our little survey is still open in case you didn’t participate yet. Please participate in our survey at https://forms.gle/4d8r1a1RDzfixHDc7.
Thank you!
Support for HTML
This version of PMD ships a new language module to support analyzing of HTML. Support for HTML is experimental and might change without notice. The language implementation is not complete yet and the AST doesn’t look well for text nodes and comment nodes and might be changed in the future. You can write your own rules, but we don’t guarantee that the rules work with the next (minor) version of PMD without adjustments.
Please give us feedback about how practical this new language is in discussions. Please report missing features or bugs as new issues.
New rules
- The HTML rule
AvoidInlineStyles
finds elements which use a style attribute. In order to help maintaining a webpage it is considered good practice to separate content and styles. Instead of inline styles one should use CSS files and classes.
<rule ref="category/html/bestpractices.xml/AvoidInlineStyles" />
- The HTML rule
UnnecessaryTypeAttribute
finds “link” and “script” elements which still have a “type” attribute. This is not necessary anymore since modern browsers automatically use CSS and JavaScript.
<rule ref="category/html/bestpractices.xml/UnnecessaryTypeAttribute" />
- The HTML rule
UseAltAttributeForImages
finds “img” elements without an “alt” attribute. An alternate text should always be provided in order to help screen readers.
<rule ref="category/html/bestpractices.xml/UseAltAttributeForImages" />
Modified rules
- The Java rule
UnusedPrivateField
has a new propertyignoredFieldNames
. The default ignores serialization-specific fields (egserialVersionUID
). The property can be used to ignore more fields based on their name. Note that the rule used to ignore fields namedIDENT
, but doesn’t anymore (add this value to the property to restore the old behaviour).
Fixed Issues
- core
- doc
- #2505: [doc] Improve side bar to show release date
- java
- java-bestpractices
- #3910: [java] UnusedPrivateField - Allow the ignored fieldnames to be configurable
- #1185: [java] ArrayIsStoredDirectly false positive with field access
- #1474: [java] ArrayIsStoredDirectly false positive with method call
- #3879 [java] ArrayIsStoredDirectly reports duplicated violation
- #3929: [java] ArrayIsStoredDirectly should report the assignment rather than formal parameter
- java-design
- #3603: [java] SimplifiedTernary: no violation for ‘condition ? true : false’ case
- java-performance
- #3867: [java] UseArraysAsList with method call
- plsql
API Changes
Experimental APIs
- Report has two new methods which allow limited mutations of a given report:
Report#filterViolations
creates a new report with some violations removed with a given predicate based filter.Report#union
can combine two reports into a single new Report.
net.sourceforge.pmd.util.Predicate
will be replaced in PMD7 with the standard Predicate interface from java8.- The module
pmd-html
is entirely experimental right now. Anything in the packagenet.sourceforge.pmd.lang.html
should be used cautiously.
External Contributions
- #3883: [doc] Improve side bar by Adding Release Date - @jasonqiu98
- #3910: [java] UnusedPrivateField - Allow the ignored fieldnames to be configurable - @laoseth
- #3928: [plsql] Fix plsql parsing error in parenthesis groups - @LiGaOg
- #3935: [plsql] Fix parser exception in EXECUTE IMMEDIATE BULK COLLECT #3687 - @Scrsloota
- #3938: [java] Modify SimplifiedTernary to meet the missing case #3603 - @VoidxHoshi
- #3943: chore: Set permissions for GitHub actions - @naveensrinivasan
Stats
- 97 commits
- 31 closed tickets & PRs
- Days since last release: 33
27-March-2022 - 6.44.0
The PMD team is pleased to announce PMD 6.44.0.
This is a minor release.
Table Of Contents
New and noteworthy
PMD User Survey
Help shape the future of PMD by telling us how you use it.
Please participate in our survey at https://forms.gle/4d8r1a1RDzfixHDc7.
Thank you!
Java 18 Support
This release of PMD brings support for Java 18. There are no new standard language features.
PMD also supports JEP 420: Pattern Matching for switch (Second Preview) as a
preview language feature. In order to analyze a project with PMD that uses these language features,
you’ll need to enable it via the environment variable PMD_JAVA_OPTS
and select the new language
version 18-preview
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 18-preview ...
Note: Support for Java 16 preview language features have been removed. The version “16-preview” is no longer available.
Better XML XPath support
The new rule class DomXPathRule
is intended to replace
usage of the XPathRule
for XML rules. This rule executes the XPath query in a different
way, which sticks to the XPath specification. This means the expression is interpreted
the same way in PMD as in all other XPath development tools that stick to the standard.
You can for instance test the expression in an online XPath editor.
Prefer using this class to define XPath rules: replace the value of the class
attribute with net.sourceforge.pmd.lang.xml.rule.DomXPathRule
like so:
<rule name="MyXPathRule"
language="xml"
message="A message"
class="net.sourceforge.pmd.lang.xml.rule.DomXPathRule">
<properties>
<property name="xpath">
<value><![CDATA[
/a/b/c[@attr = "5"]
]]></value>
</property>
<!-- Note: the property "version" is ignored, remove it. The query is XPath 2. -->
</properties>
</rule>
The rule is more powerful than XPathRule
, as it can now handle XML namespaces,
comments and processing instructions. Please refer to the Javadoc of DomXPathRule
for information about the differences with XPathRule
and examples.
XPathRule
is still perfectly supported for all other languages, including Apex and Java.
New XPath functions
The new XPath functions pmd:startLine
, pmd:endLine
, pmd:startColumn
,
and pmd:endColumn
are now available in XPath rules for all languages. They
replace the node attributes @BeginLine
, @EndLine
and such. These attributes
will be deprecated in a future release.
Please refer to the documentation of these functions for more information, including usage samples.
Note that the function pmd:endColumn
returns an exclusive index, while the
attribute @EndColumn
is inclusive. This is for forward compatibility with PMD 7,
which uses exclusive end indices.
New programmatic API
This release introduces a new programmatic API to replace the inflexible PMD
class.
Programmatic execution of PMD should now be done with a PMDConfiguration
and a PmdAnalysis
, for instance:
PMDConfiguration config = new PMDConfiguration();
config.setDefaultLanguageVersion(LanguageRegistry.findLanguageByTerseName("java").getVersion("11"));
config.setInputPaths("src/main/java");
config.prependAuxClasspath("target/classes");
config.setMinimumPriority(RulePriority.HIGH);
config.addRuleSet("rulesets/java/quickstart.xml");
config.setReportFormat("xml");
config.setReportFile("target/pmd-report.xml");
try (PmdAnalysis pmd = PmdAnalysis.create(config)) {
// note: don't use `config` once a PmdAnalysis has been created.
// optional: add more rulesets
pmd.addRuleSet(pmd.newRuleSetLoader().loadFromResource("custom-ruleset.xml"));
// optional: add more files
pmd.files().addFile(Paths.get("src", "main", "more-java", "ExtraSource.java"));
// optional: add more renderers
pmd.addRenderer(renderer);
// or just call PMD
pmd.performAnalysis();
}
The PMD
class still supports methods related to CLI execution: runPmd
and main
.
All other members are now deprecated for removal.
The CLI itself remains compatible, if you run PMD via command-line, no action is required on your part.
Fixed Issues
- apex
- #3817: [apex] Add designer bindings to display main attributes
- apex-performance
- #3773: [apex] EagerlyLoadedDescribeSObjectResult false positives with SObjectField.getDescribe()
- core
- java
- #3809: [java] Support JDK 18
- doc
- java-design
- xml
API Changes
Deprecated API
- Several members of
PMD
have been newly deprecated, including:PMD#EOL
: useSystem#lineSeparator()
PMD#SUPPRESS_MARKER
: useDEFAULT_SUPPRESS_MARKER
PMD#processFiles
: use the new programmatic APIPMD#getApplicableFiles
: is internal
PMDConfiguration#prependClasspath
is deprecated in favour ofprependAuxClasspath
.PMDConfiguration#setRuleSets
andgetRuleSets
are deprecated. Use insteadsetRuleSets
,addRuleSet
, andgetRuleSetPaths
.- Several members of
BaseCLITest
have been deprecated with replacements. -
Several members of
PMDCommandLineInterface
have been explicitly deprecated. The whole class however was deprecated long ago already with 6.30.0. It is internal API and should not be used. - In modelica, the rule classes
AmbiguousResolutionRule
andConnectUsingNonConnector
have been deprecated, since they didn’t comply to the usual rule class naming conventions yet. The replacements are in the subpackagebestpractices
.
Experimental APIs
-
Together with the new programmatic API the interface
TextFile
has been added as experimental. It intends to replaceDataSource
andSourceCode
in the long term.This interface will change in PMD 7 to support read/write operations and other things. You don’t need to use it in PMD 6, as
FileCollector
decouples you from this. A file collector is available throughPmdAnalysis#files
.
External Contributions
- #3773: [apex] EagerlyLoadedDescribeSObjectResult false positives with SObjectField.getDescribe() - @filiprafalowicz
- #3811: [doc] Improve “Edit me on github” button - @btjiong
- #3836: [doc] Make TOC scrollable when too many subheadings - @JerritEic
Stats
- 124 commits
- 23 closed tickets & PRs
- Days since last release: 29
26-February-2022 - 6.43.0
The PMD team is pleased to announce PMD 6.43.0.
This is a minor release.
Table Of Contents
New and noteworthy
Fixed Issues
- core
- doc
- java
- #3698: [java] Parsing error with try-with-resources and qualified resource
- java-bestpractices
- #3605: [java] SwitchStmtsShouldHaveDefault triggered when default case is present
- java-codestyle
- #278: [java] ConfusingTernary should treat
!= null
as positive condition
- #278: [java] ConfusingTernary should treat
- java-performance
- #3374: [java] UseStringBufferForStringAppends: Wrong example in documentation
- misc
- #3759: [lang-test] Upgrade dokka maven plugin to 1.4.32
- plsql
- #3746: [plsql] Parsing exception “Less than or equal to/Greater than or equal to” operators in DML statements
API Changes
Deprecated API
Some API deprecations were performed in core PMD classes, to improve compatibility with PMD 7.
Report
: the constructor and other construction methods like addViolation or createReportRuleContext
: all constructors, getters and setters. A new set of stable methods, matching those in PMD 7, was added to replace theaddViolation
overloads ofAbstractRule
. In PMD 7,RuleContext
will be the API to report violations, and it can already be used as such in PMD 6.- The field
configuration
is unused and will be removed.
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
RuleSet
: methods that serve to apply rules, includingapply
,start
,end
,removeDysfunctionalRules
AbstractAccumulatingRenderer#renderFileReport
is internal API and should not be overridden in own renderers.
Changed API
It is now forbidden to report a violation:
- With a
null
node - With a
null
message - With a
null
set of format arguments (prefer a zero-length array)
Note that the message is set from the XML rule declaration, so this is only relevant if you instantiate rules manually.
RuleContext
now requires setting the current rule before calling
apply
. This is
done automatically by RuleSet#apply
and such. Creating and configuring a
RuleContext
manually is strongly advised against, as the lifecycle of RuleContext
will change drastically in PMD 7.
External Contributions
- #3767: [core] Update GUI.java - Vyom Yadav
- #3804: [doc] Add floating table of contents (issue #2502) - JerritEic
Stats
- 49 commits
- 22 closed tickets & PRs
- Days since last release: 27
29-January-2022 - 6.42.0
The PMD team is pleased to announce PMD 6.42.0.
This is a minor release.
Table Of Contents
New and noteworthy
Javascript: Rhino updated to latest version 1.7.14
Rhino, the implementation of JavaScript we use for parsing JavaScript code, has been updated to the latest version 1.7.14. Now language features like template strings can be parsed. However Rhino does not support all features of the latest EcmaScript standard.
New rules
- The new Java rule
FinalParameterInAbstractMethod
detects parameters that are declared as final in interfaces or abstract methods. Declaring the parameters as final is useless because the implementation may choose to not respect it.
<rule ref="category/java/codestyle.xml/FinalParameterInAbstractMethod" />
The rule is part of the quickstart.xml ruleset.
Modified rules
- The Apex rule
ApexDoc
has a new propertyreportProperty
. If set tofalse
(default istrue
if unspecified) doesn’t report missing ApexDoc comments on properties. It allows you to enforce ApexDoc comments for classes and methods without requiring them for properties.
Fixed Issues
- core
- #3328: [core] designer.bat errors when JAVAFX_HOME contains spaces
- java
- #3698: [java] Error resolving Symbol Table
- java-bestpractices
- java-design
- #3679: [java] Make FinalFieldCouldBeStatic detect constant variable
- java-errorprone
- #3644: [java] InvalidLogMessageFormat: false positives with logstash structured logging
- #3686: [java] ReturnEmptyCollectionRatherThanNull - false negative with conditioned returns
- #3701: [java] MissingStaticMethodInNonInstantiatableClass false positive with method inner classes
- #3721: [java] ReturnEmptyCollectionRatherThanNull - false positive with stream and lambda
- java-performance
- javascript
- #3703: [javascript] Error - no Node adapter class registered for XmlPropRef
API Changes
No changes.
External Contributions
- #3631: [java] Fixed False positive for UselessStringValueOf when there is no initial String to append to - John Armgardt
- #3683: [java] Fixed 3468 UnusedPrivateMethod false positive when outer class calls private static method on inner class - John Armgardt
- #3688: [java] Bump log4j to 2.16.0 - Sergey Nuyanzin
- #3693: [apex] ApexDoc: Add reportProperty property - Steve Babula
- #3704: [java] Fix for #3686 - Fix ReturnEmptyCollectionRatherThanNull - Oleksii Dykov
- #3713: [java] Enhance UnnecessaryModifier to support records - Vincent Galloy
- #3719: [java] Upgrade log4j to 2.17.1 - Daniel Paul Searles
- #3720: [java] New rule: FinalParameterInAbstractMethod - Vincent Galloy
- #3724: [java] Fix for #3679 - fix FinalFieldCouldBeStatic - Oleksii Dykov
- #3727: [java] #3724 - fix FinalFieldCouldBeStatic: triggers only if the referenced name is static - Oleksii Dykov
- #3742: [java] Fix #3701 - fix MissingStaticMethodInNonInstantiatableClass for method local classes - Oleksii Dykov
- #3744: [core] Updated SaxonXPathRuleQueryTest.java - Vyom Yadav
- #3745: [java] Fix #3712: InsufficientStringBufferDeclaration setLength false positive - Daniel Gredler
- #3747: [visualforce] Updated DataType.java - Vyom Yadav
Stats
- 88 commits
- 35 closed tickets & PRs
- Days since last release: 62
27-November-2021 - 6.41.0
The PMD team is pleased to announce PMD 6.41.0.
This is a minor release.
Table Of Contents
New and noteworthy
GitHub Action for PMD
PMD now has its own official GitHub Action: GitHub Action for PMD. It can execute PMD with your own ruleset against your project. It creates a SARIF report which is uploaded as a build artifact. Furthermore the build can be failed based on the number of violations.
Feedback and pull requests are welcome at https://github.com/pmd/pmd-github-action.
Last release in 2021
This minor release will be the last one in 2021. The next release is scheduled to be end of January 2022.
Fixed Issues
- core
- java-bestpractices
- #3595: [java] PrimitiveWrapperInstantiation: no violation on ‘new Boolean(val)’
- #3613: [java] ArrayIsStoredDirectly doesn’t consider nested classes
- #3614: [java] JUnitTestsShouldIncludeAssert doesn’t consider nested classes
- #3618: [java] UnusedFormalParameter doesn’t consider anonymous classes
- #3630: [java] MethodReturnsInternalArray doesn’t consider anonymous classes
- java-design
- #3620: [java] SingularField doesn’t consider anonymous classes defined in non-private fields
- java-errorprone
- #3624: [java] TestClassWithoutTestCases reports wrong classes in a file
- java-performance
- #3491: [java] UselessStringValueOf: False positive when
valueOf(char [], int, int)
is used
- #3491: [java] UselessStringValueOf: False positive when
API Changes
Command Line Interface
The command line options for PMD and CPD now use GNU-syle long options format. E.g. instead of -rulesets
the
preferred usage is now --rulesets
. Alternatively one can still use the short option -R
.
Some options also have been renamed to a more consistent casing pattern at the same time
(--fail-on-violation
instead of -failOnViolation
).
The old single-dash options are still supported but are deprecated and will be removed with PMD 7.
This change makes the command line interface more consistent within PMD and also less surprising
compared to other cli tools.
The changes in detail for PMD:
old option | new option |
---|---|
-rulesets |
--rulesets (or -R ) |
-uri |
--uri |
-dir |
--dir (or -d ) |
-filelist |
--file-list |
-ignorelist |
--ignore-list |
-format |
--format (or -f ) |
-debug |
--debug |
-verbose |
--verbose |
-help |
--help |
-encoding |
--encoding |
-threads |
--threads |
-benchmark |
--benchmark |
-stress |
--stress |
-shortnames |
--short-names |
-showsuppressed |
--show-suppressed |
-suppressmarker |
--suppress-marker |
-minimumpriority |
--minimum-priority |
-property |
--property |
-reportfile |
--report-file |
-force-language |
--force-language |
-auxclasspath |
--aux-classpath |
-failOnViolation |
--fail-on-violation |
--failOnViolation |
--fail-on-violation |
-norulesetcompatibility |
--no-ruleset-compatibility |
-cache |
--cache |
-no-cache |
--no-cache |
The changes in detail for CPD:
old option | new option |
---|---|
--failOnViolation |
--fail-on-violation |
-failOnViolation |
--fail-on-violation |
--filelist |
--file-list |
External Contributions
- #3600: [core] Implement GNU-style long options and ‘–version’ - Yang
- #3612: [java] Created fix for UselessStringValueOf false positive - John Armgardt
- #3648: [doc] Rename Code Inspector to Codiga - Julien Delange
Stats
- 80 commits
- 23 closed tickets & PRs
- Days since last release: 28
30-October-2021 - 6.40.0
The PMD team is pleased to announce PMD 6.40.0.
This is a minor release.
Table Of Contents
New and noteworthy
Updated Apex Support
- The Apex language support has been bumped to version 54.0 (Spring ‘22).
New rules
- The new Apex rule
EagerlyLoadedDescribeSObjectResult
findsDescribeSObjectResult
s which could have been loaded eagerly viaSObjectType.getDescribe()
.
<rule ref="category/apex/performance.xml/EagerlyLoadedDescribeSObjectResult" />
Modified rules
-
The Apex rule
ApexUnitTestClassShouldHaveAsserts
has a new propertyadditionalAssertMethodPattern
. When specified the pattern is evaluated against each invoked method name to determine whether it represents a test assertion in addition to the standard names. -
The Apex rule
ApexDoc
has a new propertyreportMissingDescription
. If set tofalse
(default istrue
if unspecified) doesn’t report an issue if the@description
tag is missing. This is consistent with the ApexDoc dialect supported by derivatives such as SfApexDoc and also with analogous documentation tools for other languages, e.g., JavaDoc, ESDoc/JSDoc, etc. -
The Apex rule
ApexCRUDViolation
has a couple of new properties: These allow specification of regular-expression-based patterns for additional methods that should be considered valid for pre-CRUD authorization beyond those offered by the system Apex checks and ESAPI, e.g.,sirono-common
’sAuthorizationUtil
class. Two new properties have been added per-CRUD operation, one to specify the naming pattern for a method that authorizes that operation and another to specify the argument passed to that method that contains theSObjectType
instance of the type being authorized. Here is an example of these new properties:<rule ref="category/apex/security.xml/ApexCRUDViolation" message="..."> <priority>3</priority> <properties> <property name="createAuthMethodPattern" value="AuthorizationUtil\.(is|assert)(Createable|Upsertable)"/> <!-- There's one of these properties for each operation, and the default value is 0 so this is technically superfluous, but it's included it here for example purposes. --> <property name="createAuthMethodTypeParamIndex" value="0"/> <property name="readAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Accessible"/> <property name="updateAuthMethodPattern" value="AuthorizationUtil\.(is|assert)(Updateable|Upsertable)"/> <property name="deleteAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Deletable"/> <property name="undeleteAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Undeletable"/> <property name="mergeAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Mergeable"/> </properties> </rule>
-
The Apex rule
EmptyStatementBlock
has two new properties:Setting
reportEmptyPrivateNoArgConstructor
tofalse
ignores empty private no-arg constructors that are commonly used in singleton pattern implementations and utility classes in support of prescribed best practices.Setting
reportEmptyVirtualMethod
tofalse
ignores empty virtual methods that are commonly used in abstract base classes as default no-op implementations when derived classes typically only override a subset of virtual methods.By default, both properties are
true
to not change the default behaviour of this rule. -
The Apex rule
EmptyCatchBlock
has two new properties modeled after the analogous Java rule:The
allowCommentedBlocks
property, when set totrue
(defaults tofalse
), ignores empty blocks containing comments, e.g.:try { doSomethingThatThrowsAnExpectedException(); System.assert(false, 'Expected to catch an exception.'); } catch (Exception e) { // Expected }
The
allowExceptionNameRegex
property is a regular expression for exception variable names for which empty catch blocks should be ignored by this rule. For example, using the default property value of^(ignored|expected)$
, the following empty catch blocks will not be reported:try { doSomethingThatThrowsAnExpectedException(); System.assert(false, 'Expected to catch an exception.'); } catch (IllegalStateException ignored) { } catch (NumberFormatException expected) { }
-
The Apex rule
OneDeclarationPerLine
has a new propertyreportInForLoopInitializer
: If set tofalse
(default istrue
if unspecified) doesn’t report an issue for multiple declarations in afor
loop’s initializer section. This is support the common idiom of one declaration for the loop variable and another for the loop bounds condition, e.g.,for (Integer i = 0, numIterations = computeNumIterations(); i < numIterations; i++) { }
-
The Java rule
ClassNamingConventions
uses a different default value of the propertyutilityClassPattern
: This rule was detecting utility classes by default since PMD 6.3.0 and enforcing the naming convention that utility classes has to be suffixed with Util or Helper or Constants. However this turned out to be not so useful as a default configuration, as there is no standard naming convention for utility classes.With PMD 6.40.0, the default value of this property has been changed to
[A-Z][a-zA-Z0-9]*
(Pascal case), effectively disabling the special handling of utility classes. This is the same default pattern used for concrete classes.This means, that the feature to enforce a naming convention for utility classes is now a opt-in feature and can be enabled on demand.
To use the old behaviour, the property needs to be configured as follows:
<rule ref="category/java/codestyle.xml/ClassNamingConventions"> <properties> <property name="utilityClassPattern" value="[A-Z][a-zA-Z0-9]+(Utils?|Helper|Constants)" /> </properties> </rule>
Fixed Issues
- apex
- #1089: [apex] ApexUnitTestClassShouldHaveAsserts: Test asserts in other methods not detected
- #1090: [apex] ApexCRUDViolation: checks not detected if done in another method
- #3532: [apex] Promote usage of consistent getDescribe() info
- #3566: [apex] ApexDoc rule should not require “@description”
- #3568: [apex] EmptyStatementBlock: should provide options to ignore empty private constructors and empty virtual methods
- #3569: [apex] EmptyCatchBlock: should provide an option to ignore empty catch blocks in test methods
- #3570: [apex] OneDeclarationPerLine: should provide an option to ignore multiple declarations in a for loop initializer
- #3576: [apex] ApexCRUDViolation should provide an option to specify additional patterns for methods that encapsulate authorization checks
- #3579: [apex] ApexCRUDViolation: false negative with undelete
- java-bestpractices
- #3542: [java] MissingOverride: False negative for enum method
- java-codestyle
- java-errorprone
- #3560: [java] InvalidLogMessageFormat: False positive with message and exception in a block inside a lambda
- java-performance
- #2364: [java] AddEmptyString false positive in annotation value
- java-security
- #3368: [java] HardcodedCryptoKey false negative with variable assignments
API Changes
Experimental APIs
- The interface
ASTCommentContainer
has been added to the Apex AST. It provides a way to check whether a node contains at least one comment. Currently this is only implemented forASTCatchBlockStatement
and used by the ruleEmptyCatchBlock
. This information is also available via XPath attribute@ContainsComment
.
External Contributions
- #3538: [apex] New rule EagerlyLoadedDescribeSObjectResult - Jonathan Wiesel
- #3549: [java] Ignore AddEmptyString rule in annotations - Stanislav Myachenkov
- #3561: [java] InvalidLogMessageFormat: False positive with message and exception in a block inside a lambda - Nicolas Filotto
- #3565: [doc] Fix resource leak due to Files.walk - lujiefsi
- #3571: [apex] Fix for #1089 - Added new configuration property additionalAssertMethodPattern to ApexUnitTestClassShouldHaveAssertsRule - Scott Wells
- #3572: [apex] Fix for #3566 - Added new configuration property reportMissingDescription to ApexDocRule - Scott Wells
- #3573: [apex] Fix for #3568 - Added new configuration properties reportEmptyPrivateNoArgConstructor and reportEmptyVirtualMethod to EmptyStatementBlock - Scott Wells
- #3574: [apex] Fix for #3569 - Added new configuration properties allowCommentedBlocks and allowExceptionNameRegex to EmptyCatchBlock - Scott Wells
- #3575: [apex] Fix for #3570 - Added new configuration property reportInForLoopInitializer to OneDeclarationPerLine - Scott Wells
- #3577: [apex] Fix for #3576 - Added new configuration properties *AuthMethodPattern and *AuthMethodTypeParamIndex to ApexCRUDViolation rule - Scott Wells
- #3578: [apex] ApexCRUDViolation: Documentation changes for #3576 - Scott Wells
- #3580: [doc] Release notes updates for the changes in issue #3569 - Scott Wells
- #3581: [apex] #3569 - Requested changes for code review feedback - Scott Wells
Stats
- 72 commits
- 37 closed tickets & PRs
- Days since last release: 34
25-September-2021 - 6.39.0
The PMD team is pleased to announce PMD 6.39.0.
This is a minor release.
Table Of Contents
New and noteworthy
All Contributors
PMD follows the All Contributors specification. Contributions of any kind welcome!
See credits for our complete contributors list.
Fixed Issues
- core
- #3499: [core] Fix XPath rulechain with combined node tests
- java-errorprone
- #3493: [java] AvoidAccessibilityAlteration: add tests and fix rule
- javascript
- #3516: [javascript] NPE while creating rule violation when specifying explicit line numbers
- plsql
API Changes
No changes.
External Contributions
- #3516: [javascript] NPE while creating rule violation when specifying explicit line numbers - Kevin Guerra
Stats
- 37 commits
- 10 closed tickets & PRs
- Days since last release: 27
28-August-2021 - 6.38.0
The PMD team is pleased to announce PMD 6.38.0.
This is a minor release.
Table Of Contents
Fixed Issues
- apex
- core
- #3446: [core] Allow XPath rules to access the current file name
- java-bestpractices
- #3403: [java] MethodNamingConventions junit5TestPattern does not detect parameterized tests
External Contributions
- #3445: [java] Fix #3403 about MethodNamingConventions and JUnit5 parameterized tests - Cyril Sicard
- #3470: [apex] Fix ApexCRUDViolationRule - add super call - Josh Feingold
Stats
- 32 commits
- 8 closed tickets & PRs
- Days since last release: 27
31-July-2021 - 6.37.0
The PMD team is pleased to announce PMD 6.37.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 17 Support
This release of PMD brings support for Java 17. PMD supports JEP 409: Sealed Classes which has been promoted to be a standard language feature of Java 17.
PMD also supports JEP 406: Pattern Matching for switch (Preview) as a preview
language feature. In order to analyze a project with PMD that uses these language features, you’ll need to enable
it via the environment variable PMD_JAVA_OPTS
and select the new language version 17-preview
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 17-preview ...
Note: Support for Java 15 preview language features have been removed. The version “15-preview” is no longer available.
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
New rules
This release ships with 3 new Java rules.
PrimitiveWrapperInstantiation
reports usages of primitive wrapper constructors. They are deprecated since Java 9 and should not be used.
<rule ref="category/java/bestpractices.xml/PrimitiveWrapperInstantiation" />
The rule is part of the quickstart.xml ruleset.
SimplifiableTestAssertion
suggests rewriting some test assertions to be more readable.
<rule ref="category/java/bestpractices.xml/SimplifiableTestAssertion" />
The rule is part of the quickstart.xml ruleset.
ReturnEmptyCollectionRatherThanNull
suggests returning empty collections / arrays instead of null.
<rule ref="category/java/errorprone.xml/ReturnEmptyCollectionRatherThanNull" />
The rule is part of the quickstart.xml ruleset.
Renamed rules
- The Java rule
MissingBreakInSwitch
has been renamed toImplicitSwitchFallThrough
(category error prone) to better reflect the rule’s purpose: The rule finds implicit fall-through cases in switch statements, which are most likely unexpected. The old rule name described only one way how to avoid a fall-through, namely usingbreak
butcontinue
,throw
andreturn
avoid a fall-through as well. This enables us to improve this rule in the future.
Deprecated rules
- The following Java rules are deprecated and removed from the quickstart ruleset,
as the new rule
SimplifiableTestAssertion
merges their functionality: -
The Java rule
ReturnEmptyArrayRatherThanNull
is deprecated and removed from the quickstart ruleset, as the new ruleReturnEmptyCollectionRatherThanNull
supersedes it. - The following Java rules are deprecated and removed from the quickstart ruleset,
as the new rule
PrimitiveWrapperInstantiation
merges their functionality: - The Java rule
UnnecessaryWrapperObjectCreation
is deprecated with no planned replacement before PMD 7. In it’s current state, the rule is not useful as it finds only contrived cases of creating a primitive wrapper and unboxing it explicitly in the same expression. In PMD 7 this and more cases will be covered by a new ruleUnnecessaryBoxing
.
Fixed Issues
- apex
- core
- java-bestpractices
- java-errorprone
- java-performance
- #3420: [java] NPE in
InefficientStringBuffering
with Records
- #3420: [java] NPE in
API Changes
PMD CLI
-
PMD has a new CLI option
-force-language
. With that a language can be forced to be used for all input files, irrespective of filenames. When using this option, the automatic language selection by extension is disabled and all files are tried to be parsed with the given language. Parsing errors are ignored and unparsable files are skipped.This option allows to use the xml language for files, that don’t use xml as extension. See also the examples on PMD CLI reference.
Experimental APIs
- The AST types and APIs around Sealed Classes are not experimental anymore:
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
- The inner class
net.sourceforge.pmd.cpd.TokenEntry.State
is considered to be internal API. It will probably be moved away with PMD 7.
External Contributions
- #3367: [apex] Check SOQL CRUD on for loops - Jonathan Wiesel
- #3373: [apex] Add ApexCRUDViolation support for database class, inline no-arg object construction DML and inline list initialization DML - Jonathan Wiesel
- #3385: [core] CPD: Optimize –skip-lexical-errors option - Woongsik Choi
- #3388: [doc] Add Code Inspector in the list of tools - Julien Delange
- #3417: [core] Support forcing a specific language from the command-line - Aidan Harding
Stats
- 82 commits
- 29 closed tickets & PRs
- Days since last release: 35
26-June-2021 - 6.36.0
The PMD team is pleased to announce PMD 6.36.0.
This is a minor release.
Table Of Contents
New and noteworthy
Improved Incremental Analysis
Incremental Analysis has long helped our users obtain faster analysis results, however, its implementation tended to be too cautious in detecting changes to the runtime and type resolution classpaths, producing more cache invalidations than necessary. We have now improved the heuristics to remove several bogus invalidations, and slightly sped up the cache usage along the way.
PMD will now ignore:
- Non class files in classpath and jar / zip files being referenced.
- Changes to the order of file entries within a jar / zip
- Changes to file metadata within jar / zip (ie: creation and modification time, significant in multi-module / composite build projects where lateral artifacts are frequently recreated)
New rules
- The new Apex rule
AvoidDebugStatements
finds usages ofSystem.debug
calls. Debug statements contribute to longer transactions and consume Apex CPU time even when debug logs are not being captured. You can try out this rule like so:
<rule ref="category/apex/performance.xml/AvoidDebugStatements" />
- The new Apex rule
InaccessibleAuraEnabledGetter
checks that anAuraEnabled
getter is public or global. This is necessary if it is referenced in Lightning components. You can try out this rule like so:
<rule ref="category/apex/errorprone.xml/InaccessibleAuraEnabledGetter" />
Renamed rules
- The Java rule
BadComparison
has been renamed toComparisonWithNaN
to better reflect what the rule actually detects. It now considers usages ofDouble.NaN
orFloat.NaN
in more cases and fixes false negatives.
Fixed Issues
- apex
- core
- java-bestpractices
- #957: [java] GuardLogStatement: False positive with compile-time constant arguments
- #3076: [java] UnusedAssignment reports unused variable when used in increment expr
- #3114: [java] UnusedAssignment false positive when reporting unused variables
- #3315: [java] LiteralsFirstInComparisons false positive with two constants
- #3341: [java] JUnitTestsShouldIncludeAssert should support Junit 5
- #3340: [java] NullPointerException applying rule GuardLogStatement
- java-codestyle
- #3317: [java] Update UnnecessaryImport to recognize usage of imported types in javadoc’s
@exception
tag
- #3317: [java] Update UnnecessaryImport to recognize usage of imported types in javadoc’s
- java-errorprone
- #2895: [java] Improve BadComparison and rename to ComparisonWithNaN
- #3284: [java] InvalidLogMessageFormat may examine the value of a different but identically named String variable
- #3304: [java] NPE in MoreThanOneLoggerRule on a java 16 record
- #3305: [java] ConstructorCallsOverridableMethodRule IndexOutOfBoundsException on a java16 record
- #3343: [java] CloneMethodMustImplementCloneable: FN with local classes
- java-performance
API Changes
No changes.
External Contributions
- #3276: [apex] Update ApexCRUDViolation and OperationWithLimitsInLoop docs - Jonathan Wiesel
- #3306: [java] More than one logger rule test null pointer exception - Arnaud Jeansen
- #3317: [java] Update UnnecessaryImport to recognize usage of imported types in javadoc’s
@exception
tag - Piotrek Żygieło - #3319: [apex] New AvoidDebugStatements rule to mitigate performance impact - Jonathan Wiesel
- #3320: [java] Fix incorrect increment for “else if” branch in Cognitive Complexity docs - Denis Borovikov
- #3322: [apex] added rule to detect inaccessible AuraEnabled getters - Philippe Ozil
- #3323: [core] Adds fullDescription and tags in SARIF report - Clint Chester
- #3339: [java] JUnitTestsShouldIncludeAssert Tweak assertion definition to avoid false positive with modern JUnit5 - Arnaud Jeansen
Stats
- 81 commits
- 36 closed tickets & PRs
- Days since last release: 28
29-May-2021 - 6.35.0
The PMD team is pleased to announce PMD 6.35.0.
This is a minor release.
Table Of Contents
New and noteworthy
Javascript module now requires at least Java 8
The latest version of Rhino, the implementation of JavaScript we use for parsing JavaScript code, requires at least Java 8. Therefore we decided to upgrade the pmd-javascript module to Java 8 as well. This means that from now on, a Java 8 or later runtime is required in order to analyze JavaScript code. Note that PMD core still only requires Java 7.
New rules
This release ships with 3 new Java rules.
JUnit5TestShouldBePackagePrivate
enforces the convention that JUnit 5 tests should have minimal visibility. You can try out this rule like so:<rule ref="category/java/bestpractices.xml/JUnit5TestShouldBePackagePrivate" />
CognitiveComplexity
uses the cognitive complexity metric to find overly complex code. This metric improves on the similar cyclomatic complexity in several ways, for instance, it incentivizes using clearly readable shorthands and idioms. See the rule documentation for more details. You can try out this rule like so:<rule ref="category/java/design.xml/CognitiveComplexity" />
MutableStaticState
finds non-private static fields that are not final. These fields break encapsulation since these fields can be modified from anywhere within the program. You can try out this rule like so:<rule ref="category/java/design.xml/MutableStaticState" />
Modified rules
- The Java rule
CompareObjectsWithEquals
has now a new propertytypesThatCompareByReference
. With that property, you can configure types, that should be whitelisted for comparison by reference. By default,java.lang.Enum
andjava.lang.Class
are allowed, but you could add custom types here. Additionally comparisons against constants are allowed now. This makes the rule less noisy when two constants are compared. Constants are identified by looking for an all-caps identifier.
Deprecated rules
-
The java rule
DefaultPackage
has been deprecated in favor ofCommentDefaultAccessModifier
.The rule “DefaultPackage” assumes that any usage of package-access is accidental, and by doing so, prohibits using a really fundamental and useful feature of the language.
To satisfy the rule, you have to make the member public even if it doesn’t need to, or make it protected, which muddies your intent even more if you don’t intend the class to be extended, and may be at odds with other rules like
AvoidProtectedFieldInFinalClass
.The rule
CommentDefaultAccessModifier
should be used instead. It flags the same thing, but has an escape hatch. -
The Java rule
CloneThrowsCloneNotSupportedException
has been deprecated without replacement.The rule has no real value as
CloneNotSupportedException
is a checked exception and therefore you need to deal with it while implementing theclone()
method. You either need to declare the exception or catch it. If you catch it, then subclasses can’t throw it themselves explicitly. However,Object.clone()
will still throw this exception if theCloneable
interface is not implemented.Note, this rule has also been removed from the Quickstart Ruleset (
rulesets/java/quickstart.xml
).
Fixed Issues
- apex
- core
- doc
- #3230: [doc] Remove “Edit me” button for language index pages
- dist
- #2466: [dist] Distribution archive doesn’t include all batch scripts
- java
- #3269: [java] Fix NPE in MethodTypeResolution
- java-bestpractices
- #1175: [java] UnusedPrivateMethod FP with Junit 5 @MethodSource
- #2219: [java] Document Reasons to Avoid Reassigning Parameters
- #2737: [java] Fix misleading rule message on rule SwitchStmtsShouldHaveDefault with non-exhaustive enum switch
- #3236: [java] LiteralsFirstInComparisons should consider constant fields (cont’d)
- #3239: [java] PMD could enforce non-public methods for Junit5 / Jupiter test methods
- #3254: [java] AvoidReassigningParameters reports violations on wrong line numbers
- java-codestyle
- #2655: [java] UnnecessaryImport false positive for on-demand imports
- #3206: [java] Deprecate rule DefaultPackage
- #3262: [java] FieldDeclarationsShouldBeAtStartOfClass: false negative with anon classes
- #3265: [java] MethodArgumentCouldBeFinal: false negatives with interfaces and inner classes
- #3266: [java] LocalVariableCouldBeFinal: false negatives with interfaces, anon classes
- #3274: [java] OnlyOneReturn: false negative with anonymous class
- #3275: [java] UnnecessaryLocalBeforeReturn: false negatives with lambda and anon class
- java-design
- java-errorprone
- #3110: [java] Enhance CompareObjectsWithEquals with list of exceptions
- #3112: [java] Deprecate rule CloneThrowsCloneNotSupportedException
- #3205: [java] Make CompareObjectWithEquals allow comparing against constants
- #3248: [java] Documentation is wrong for SingletonClassReturningNewInstance rule
- #3249: [java] AvoidFieldNameMatchingTypeName: False negative with interfaces
- #3268: [java] ConstructorCallsOverridableMethod: IndexOutOfBoundsException with annotations
- java-performance
- #1438: [java] InsufficientStringBufferDeclaration false positive for initial calculated StringBuilder size
- javascript
API Changes
Deprecated API
PMD#doPMD
is deprecated. UsePMD#runPMD
instead.PMD#run
is deprecated. UsePMD#runPMD
instead.ThreadSafeReportListener
and the methods to use them inReport
(addListener
,getListeners
,addListeners
) are deprecated. This functionality will be replaced by another TBD mechanism in PMD 7.
External Contributions
- #3272: [apex] correction for ApexUnitTestMethodShouldHaveIsTestAnnotation false positives - William Brockhus
- #3246: [java] New Rule: MutableStaticState - Vsevolod Zholobov
- #3247: [java] New rule: JUnit5TestShouldBePackagePrivate - Arnaud Jeansen
- #3293: [java] Cognitive Complexity Metric - Denis Borovikov
- pmd.github.io#12: Update quickstart.html - Igor Lyadov
Stats
- 143 commits
- 53 closed tickets & PRs
- Days since last release: 34
24-April-2021 - 6.34.0
The PMD team is pleased to announce PMD 6.34.0.
This is a minor release.
Table Of Contents
New and noteworthy
New rules
-
The new Java rule
UseStandardCharsets
finds usages ofCharset.forName
, whereStandardCharsets
can be used instead.This rule is also part of the Quickstart Ruleset (
rulesets/java/quickstart.xml
) for Java. -
The new Java rule
UnnecessaryImport
replaces the rulesUnusedImports
,DuplicateImports
,ImportFromSamePackage
, andDontImportJavaLang
.This rule is also part of the Quickstart Ruleset (
rulesets/java/quickstart.xml
) for Java.
Modified rules
- The Apex rule
ApexCRUDViolation
does not ignore getters anymore and also flags SOQL/SOSL/DML operations without access permission checks in getters. This will produce false positives now for VF getter methods, but we can’t reliably detect, whether a getter is a VF getter or not. In such cases, the violation should be suppressed.
Deprecated rules
- java-bestpractices
UnusedImports
: use the ruleUnnecessaryImport
instead
- java-codestyle
DuplicateImports
: use the ruleUnnecessaryImport
insteadDontImportJavaLang
: use the ruleUnnecessaryImport
instead
- java-errorprone
ImportFromSamePackage
: use the ruleUnnecessaryImport
instead
Fixed Issues
- apex-performance
- #3198: [apex] OperationWithLimitsInLoopRule: Support more limit consuming static method invocations
- apex-security
- java-bestpractices
- java-codestyle
- #3128: [java] New rule UnnecessaryImport, deprecate DuplicateImports, ImportFromSamePackage, UnusedImports
- java-errorprone
API Changes
No changes.
External Contributions
- #3193: [java] New rule: UseStandardCharsets - Andrea Aime
- #3198: [apex] OperationWithLimitsInLoopRule: Support more limit consuming static method invocations - Jonathan Wiesel
- #3211: [apex] ApexCRUDViolationRule: Do not assume method is VF getter to avoid CRUD checks - Jonathan Wiesel
- #3234: [apex] ApexCRUDViolation: COUNT is indeed CRUD checkable since it exposes data (false-negative) - Jonathan Wiesel
Stats
- 74 commits
- 18 closed tickets & PRs
- Days since last release: 27
27-March-2021 - 6.33.0
The PMD team is pleased to announce PMD 6.33.0.
This is a minor release.
Table Of Contents
New and noteworthy
PLSQL parsing exclusions
The PMD PLSQL parser might not parse every valid PL/SQL code without problems. In order to still use PMD on such files, you can now mark certain lines for exclusion from the parser. More information can be found in the language specific documentation for PLSQL.
Fixed Issues
- apex-design
- #3142: [apex] ExcessiveClassLength multiple warning on the same class
- java
- java-bestpractices
- #3118: [java] UnusedPrivateMethod false positive when passing in lombok.val as argument
- #3144: [java] GuardLogStatement can have more detailed example
- #3155: [java] GuardLogStatement: False negative with unguarded method call
- #3160: [java] MethodReturnsInternalArray does not consider static final fields and fields initialized with empty array
- java-errorprone
- #2977: [java] CloseResource: false positive with reassignment detection
- #3146: [java] InvalidLogMessageFormat detection failing when String.format used
- #3148: [java] CloseResource false positive with Objects.nonNull
- #3165: [java] InvalidLogMessageFormat detection failing when String.format used in a variable
- java-performance
- plsql
- #195: [plsql] Ampersand ‘&’ causes PMD processing error in sql file - Lexical error in file
External Contributions
- #3161: [plsql] Add support for lexical parameters in SQL*Plus scripts, allow excluding lines which the parser does not understand - Henning von Bargen
- #3167: [java] Minor typo in quickstart ruleset - Austin Tice
Stats
- 49 commits
- 27 closed tickets & PRs
- Days since last release: 28
27-February-2021 - 6.32.0
The PMD team is pleased to announce PMD 6.32.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 16 Support
This release of PMD brings support for Java 16. PMD supports JEP 394: Pattern Matching for instanceof and JEP 395: Records. Both have been promoted to be a standard language feature of Java 16.
PMD also supports JEP 397: Sealed Classes (Second Preview) as a preview
language feature. In order to analyze a project with PMD that uses these language features, you’ll need to enable
it via the environment variable PMD_JAVA_OPTS
and select the new language version 16-preview
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 16-preview ...
Note: Support for Java 14 preview language features have been removed. The version “14-preview” is no longer available.
Modified Rules
- The Apex rule
ApexDoc
has two new properties:reportPrivate
andreportProtected
. Previously the rule only considered public and global classes, methods, and properties. With these properties, you can verify the existence of ApexDoc comments for private and protected methods as well. By default, these properties are disabled to preserve backwards compatible behavior.
Fixed Issues
- apex-documentation
- #3075: [apex] ApexDoc should support private access modifier
- java
- #3101: [java] NullPointerException when running PMD under JRE 11
- java-bestpractices
- #3132: [java] UnusedImports with static imports on subclasses
- java-errorprone
- plsql
- #3106: [plsql] ParseException while parsing EXECUTE IMMEDIATE ‘drop database link ‘ || linkname;
API Changes
Experimental APIs
- The experimental class
ASTTypeTestPattern
has been renamed toASTTypePattern
in order to align the naming to the JLS. - The experimental class
ASTRecordConstructorDeclaration
has been renamed toASTCompactConstructorDeclaration
in order to align the naming to the JLS. - The AST types and APIs around Pattern Matching and Records are not experimental anymore:
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
- The protected or public member of the Java rule
AvoidUsingHardCodedIPRule
are deprecated and considered to be internal API. They will be removed with PMD 7.
External Contributions
- #3098: [apex] ApexDoc optionally report private and protected - Jonathan Wiesel
- #3107: [plsql] Fix ParseException for EXECUTE IMMEDIATE str1||str2; - hvbtup
- #3125: [doc] Fix sample code indentation in documentation - Artur Dryomov
Stats
- 43 commits
- 21 closed tickets & PRs
- Days since last release: 27
30-January-2021 - 6.31.0
The PMD team is pleased to announce PMD 6.31.0.
This is a minor release.
Table Of Contents
New and noteworthy
SARIF Format
PMD now supports the Static Analysis Results Interchange Format (SARIF)
as an additional report format. Just use the command line parameter -format sarif
to select it.
SARIF is an OASIS standard format for static analysis tools.
PMD creates SARIF JSON files in SARIF version 2.1.0.
An example report can be found in the documentation in Report formats for PMD.
CPD
- The C++ module now supports the new option
--ignore-literal-sequences
, which can be used to avoid detection of some uninteresting clones. This options has been introduced with PMD 6.30.0 for C# and is now available for C++ as well. See #2963.
New Rules
-
The new Apex rule
OverrideBothEqualsAndHashcode
brings the well known Java rule to Apex. In Apex the same principle applies:equals
andhashCode
should always be overridden together to ensure collection classes such as Maps and Sets work as expected. -
The new Visualforce rule
VfHtmlStyleTagXss
checks for potential XSS problems when using<style>
tags on Visualforce pages.
Deprecated rules
- java-performance
AvoidUsingShortType
: arithmetic on shorts is not significantly slower than on ints, whereas using shorts may provide significant memory savings in arrays.SimplifyStartsWith
: the suggested code transformation has an insignificant performance impact, and decreases readability.
Fixed Issues
- core
- java-bestpractices
- #575: [java] LiteralsFirstInComparisons should consider constant fields
- #2454: [java] UnusedPrivateMethod violation for disabled class in 6.23.0
- #2833: [java] NPE in UseCollectionIsEmptyRule with enums
- #2876: [java] UnusedPrivateField cannot override ignored annotations property
- #2957: [java] Ignore unused declarations that have special name
- java-codestyle
- #2960: [java] Thread issue in MethodNamingConventionsRule
- java-design
- #3006: [java] NPE in SingularFieldRule with concise resource syntax
- java-errorprone
- #2976: [java] CompareObjectsWithEquals: FP with array.length
- #2977: [java] 6.30.0 introduces new false positive in CloseResource rule?
- #2979: [java] UseEqualsToCompareStrings: FP with “var” variables
- #3004: [java] UseEqualsToCompareStrings false positive with PMD 6.30.0
- #3062: [java] CloseResource FP with reassigned stream
- java-performance
- vf-security
- #3081: [vf] VfUnescapeEl: Inherently un-XSS-able built-in functions trigger false positives
API Changes
Deprecated API
AbstractDomXmlRule
AbstractWsdlRule
- A few methods of
AbstractXmlRule
Experimental APIs
- The method
GenericToken#getKind
has been added as experimental. This unifies the token interface for both JavaCC and Antlr. The already existing methodAntlrToken#getKind
is therefore experimental as well. The returned constant depends on the actual language and might change whenever the grammar of the language is changed.
External Contributions
- #2666: [swift] Manage swift5 string literals - kenji21
- #2959: [apex] New Rule: override equals and hashcode rule - recdevs
- #2963: [cpp] Add option to ignore sequences of literals - Maikel Steneker
- #2964: [cs] Update C# grammar for additional C# 7 and C# 8 features - Maikel Steneker
- #2965: [cs] Improvements for ignore sequences of literals functionality - Maikel Steneker
- #2968: [java] NPE in UseCollectionIsEmptyRule with enums - foxmason
- #2983: [java] LiteralsFirstInComparisons should consider constant fields - Ozan Gulle
- #2994: [core] Fix code climate severity strings - Vincent Maurin
- #3005: [vf] [New Rule] Handle XSS violations that can occur within Html Style tags - rmohan20
- #3073: [core] Include SARIF renderer - Manuel Moya Ferrer
- #3084: [vf] VfUnescapeEl false-positive with builtin functions - Josh Feingold
Stats
- 116 commits
- 40 closed tickets & PRs
- Days since last release: 49
12-December-2020 - 6.30.0
The PMD team is pleased to announce PMD 6.30.0.
This is a minor release.
Table Of Contents
- New and noteworthy * CPD * Type information for VisualForce
- Fixed Issues
- API Changes
- External Contributions
- Stats
New and noteworthy
CPD
-
The C# module now supports the new option
--ignore-literal-sequences
, which can be used to avoid detection of some uninteresting clones. Support for other languages may be added in the future. See #2945 -
The Scala module now supports suppression through
CPD-ON
/CPD-OFF
comment pairs. See #2929
Type information for VisualForce
The Visualforce AST now can resolve the data type of Visualforce expressions that reference Apex Controller properties and Custom Object fields. This feature improves the precision of existing rules, like VfUnescapeEl
.
This can be configured using two environment variables:
PMD_VF_APEXDIRECTORIES
: Comma separated list of directories for Apex classes. Absolute or relative to the Visualforce directory. Default is../classes
. Specifying an empty string will disable data type resolution for Apex Controller properties.PMD_VF_OBJECTSDIRECTORIES
: Comma separated list of directories for Custom Objects. Absolute or relative to the Visualforce directory. Default is../objects
. Specifying an empty string will disable data type resolution for Custom Object fields.
This feature is experimental, in particular, expect changes to the way the configuration is specified. We’ll probably extend the CLI instead of relying on environment variables in a future version.
Thanks to Jeff Bartolotta and Roopa Mohan for contributing this!
Fixed Issues
- core
- cs
- #2938: [cs] CPD: ignoring using directives could not be disabled
- java
- scala
- #2480: [scala] Support CPD suppressions
API Changes
Deprecated API
Around RuleSet parsing
RuleSetFactory
andRulesetsFactoryUtils
have been deprecated in favor ofRuleSetLoader
. This is easier to configure, and more maintainable than the multiple overloads ofRulesetsFactoryUtils
.- Some static creation methods have been added to
RuleSet
for simple cases, egforSingleRule
. These replace some counterparts inRuleSetFactory
- Since
RuleSets
is also deprecated, many APIs that require a RuleSets instance now are deprecated, and have a counterpart that expects aList<RuleSet>
. RuleSetReferenceId
,RuleSetReference
,RuleSetFactoryCompatibility
are deprecated. They are most likely not relevant outside of the implementation of pmd-core.
Around the PMD
class
Many classes around PMD’s entry point (PMD
) have been deprecated as internal, including:
- The contents of the packages
net.sourceforge.pmd.cli
,net.sourceforge.pmd.processor
SourceCodeProcessor
- The constructors of
PMD
(the class will be made a utility class)
Miscellaneous
ASTPackageDeclaration#getPackageNameImage
,ASTTypeParameter#getParameterName
and the corresponding XPath attributes. In both cases they’re replaced with a new methodgetName
, the attribute is@Name
.ASTClassOrInterfaceBody#isAnonymousInnerClass
, andASTClassOrInterfaceBody#isEnumChild
, refs #905
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
net.sourceforge.pmd.lang.ecmascript.Ecmascript3Handler
net.sourceforge.pmd.lang.ecmascript.Ecmascript3Parser
EcmascriptParser#parserOptions
EcmascriptParser#getSuppressMap
net.sourceforge.pmd.lang.rule.ParametricRuleViolation
ParserOptions#suppressMarker
net.sourceforge.pmd.lang.modelica.rule.ModelicaRuleViolationFactory
External Contributions
- #2864: [vf] Provide expression type information to Visualforce rules to avoid false positives - Jeff Bartolotta
- #2914: [core] Include rule name in text renderer - Gunther Schrijvers
- #2925: Cleanup: Correct annotation array initializer indents from checkstyle #8083 - Abhishek Kumar
- #2929: [scala] Add support for CPD-ON and CPD-OFF special comments - Andy Robinson
- #2936: [java] (doc) Fix typo: “an accessor” not “a” - Igor Moreno
- #2938: [cs] CPD: fix issue where ignoring using directives could not be disabled - Maikel Steneker
- #2945: [cs] Add option to ignore sequences of literals - Maikel Steneker
- #2962: [cpp] Add support for C++ 14 binary literals - Maikel Steneker
Stats
- 190 commits
- 25 closed tickets & PRs
- Days since last release: 49
24-October-2020 - 6.29.0
The PMD team is pleased to announce PMD 6.29.0.
This is a minor release.
Table Of Contents
New and noteworthy
Updated Apex Support
- The Apex language support has been bumped to version 50 (Winter ‘21). All new language features are now properly parsed and processed. Especially the Safe Navigation Operator is now supported. See also Salesforce Winter ‘21 Release Notes
New Rules
- The new Apex rule
OperationWithLimitsInLoop
(apex-performance
) finds operations in loops that may hit governor limits such as DML operations, SOQL queries and more. The rule replaces the three rules “AvoidDmlStatementsInLoops”, “AvoidSoqlInLoops”, and “AvoidSoslInLoops”.
Renamed Rules
- The Java rule
DoNotCallSystemExit
has been renamed toDoNotTerminateVM
, since it checks for all the following calls:System.exit(int)
,Runtime.exit(int)
,Runtime.halt(int)
. All these calls terminate the Java VM, which is bad, if the VM runs an application server which many independent applications.
Deprecated Rules
- The Apex rules
AvoidDmlStatementsInLoops
,AvoidSoqlInLoops
andAvoidSoslInLoops
(apex-performance
) are deprecated in favour of the new ruleOperationWithLimitsInLoop
. The deprecated rules will be removed with PMD 7.0.0.
Fixed Issues
- apex
- #2839: [apex] Apex classes with safe navigation operator from Winter 21 (50.0) are skipped
- apex-performance
- #1713: [apex] Mark Database DML statements in For Loop
- core
- #2831: [core] Fix XMLRenderer newlines when running under IBM Java
- java-errorprone
- miscellaneous
- #2823: [doc] Renamed/Moved rules are missing in documentation
- vf (Salesforce VisualForce)
- #2765: [vf] Attributes with dot cause a VfParseException
External Contributions
- #2803: [java] Improve DoNotCallSystemExit (Fixes #2157) - Vitaly Polonetsky
- #2809: [java] Move test config from file to test class - Stefan Birkner
- #2810: [core] Move method “renderTempFile” to XMLRendererTest - Stefan Birkner
- #2811: [java] CloseResource - Fix #2764: False-negative when re-assigning variable - Andi Pabst
- #2813: [core] Use JUnit’s TemporaryFolder rule - Stefan Birkner
- #2816: [apex] Detect ‘Database’ method invocations inside loops - Jeff Bartolotta
- #2829: [doc] Small correction in pmd_report_formats.md - Gustavo Krieger
- #2834: [vf] Allow attributes with dot in Visualforce - rmohan20
- #2842: [core] Bump antlr4 from 4.7 to 4.7.2 - Adrien Lecharpentier
- #2865: [java] (doc) Update ExcessiveImports example code for clarity - Gustavo Krieger
- #2866: [java] (doc) Fix example for CouplingBetweenObjects - Gustavo Krieger
Stats
- 50 commits
- 23 closed tickets & PRs
- Days since last release: 27
26-September-2020 - 6.28.0
The PMD team is pleased to announce PMD 6.28.0.
This is a minor release.
Table Of Contents
New and noteworthy
CPD’s AnyTokenizer has been improved
The AnyTokenizer is used for languages, that don’t have an own lexer/grammar based tokenizer. AnyTokenizer now handles string literals and end-of-line comments. Fortran, Perl and Ruby have been updated to use AnyTokenizer instead of their old custom tokenizer based on AbstractTokenizer. See #2758 for details.
AbstractTokenizer and the custom tokenizers of Fortran, Perl and Ruby are deprecated now.
Fixed Issues
- cpd
- apex-security
- #2774: [apex] ApexSharingViolations does not correlate sharing settings with class that contains data access
- java
- #2738: [java] Custom rule with @ExhaustiveEnumSwitch throws NPE
- #2755: [java] [6.27.0] Exception applying rule CloseResource on file … java.lang.NullPointerException
- #2756: [java] TypeTestUtil fails with NPE for anonymous class
- #2767: [java] IndexOutOfBoundsException when parsing an initializer BlockStatement
- #2783: [java] Error while parsing with lambda of custom interface
- java-bestpractices
- #2759: [java] False positive in UnusedAssignment
- java-design
- #2708: [java] False positive FinalFieldCouldBeStatic when using lombok Builder.Default
API Changes
Deprecated API
For removal
net.sourceforge.pmd.RuleViolationComparator
. UseRuleViolation#DEFAULT_COMPARATOR
instead.net.sourceforge.pmd.cpd.AbstractTokenizer
. Usenet.sourceforge.pmd.cpd.AnyTokenizer
instead.net.sourceforge.pmd.cpd.FortranTokenizer
. Was replaced by anAnyTokenizer
. UseFortranLanguage#getTokenizer
anyway.net.sourceforge.pmd.cpd.PerlTokenizer
. Was replaced by anAnyTokenizer
. UsePerlLanguage#getTokenizer
anyway.net.sourceforge.pmd.cpd.RubyTokenizer
. Was replaced by anAnyTokenizer
. UseRubyLanguage#getTokenizer
anyway.RuleReference#getOverriddenLanguage
andRuleReference#setLanguage
- Antlr4 generated lexers:
net.sourceforge.pmd.lang.cs.antlr4.CSharpLexer
will be moved to packagenet.sourceforge.pmd.lang.cs.ast
with PMD 7.net.sourceforge.pmd.lang.dart.antlr4.Dart2Lexer
will be renamed toDartLexer
and moved to packagenet.sourceforge.pmd.lang.dart.ast
with PMD 7. All other classes in the old package will be removed.net.sourceforge.pmd.lang.go.antlr4.GolangLexer
will be moved to packagenet.sourceforge.pmd.lang.go.ast
with PMD 7. All other classes in the old package will be removed.net.sourceforge.pmd.lang.kotlin.antlr4.Kotlin
will be renamed toKotlinLexer
and moved to packagenet.sourceforge.pmd.lang.kotlin.ast
with PMD 7.net.sourceforge.pmd.lang.lua.antlr4.LuaLexer
will be moved to packagenet.sourceforge.pmd.lang.lua.ast
with PMD 7. All other classes in the old package will be removed.
External Contributions
- #2735: [ci] Add github actions for a fast view of pr succeed/not - XenoAmess
- #2747: [java] Don’t trigger FinalFieldCouldBeStatic when field is annotated with lombok @Builder.Default - Ollie Abbey
- #2773: [java] issue-2738: Adding null check to avoid npe when switch case is default - Nimit Patel
- #2789: Add badge for reproducible build - Dan Rollo
- #2791: [apex] Analyze inner classes for sharing violations - Jeff Bartolotta
Stats
- 58 commits
- 24 closed tickets & PRs
- Days since last release: 25
31-August-2020 - 6.27.0
The PMD team is pleased to announce PMD 6.27.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 15 Support
This release of PMD brings support for Java 15. PMD can parse Text Blocks which have been promoted to be a standard language feature of Java.
PMD also supports Pattern Matching for instanceof, Records, and Sealed Classes.
Note: The Pattern Matching for instanceof, Records, and Sealed Classes are all preview language features of OpenJDK 15
and are not enabled by default. In order to
analyze a project with PMD that uses these language features, you’ll need to enable it via the environment
variable PMD_JAVA_OPTS
and select the new language version 15-preview
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 15-preview ...
Note: Support for Java 13 preview language features have been removed. The version “13-preview” is no longer available.
Changes in how tab characters are handled
In the past, tab characters in source files has been handled differently in different languages by PMD. For instance in Java, tab characters had a width of 8 columns, while C# used only 1 column. Visualforce instead used 4 columns.
This has been unified now so that tab characters are consistently now always 1 column wide.
This however might be a incompatible change, if you’re using the properties “BeginColumn” or “EndColumn” additionally to “BeginLine” and “EndLine” of a Token/AST node in order to highlight where a rule violation occurred in the source file. If you have logic there that deals with tab characters, you most likely can remove this logic now, since tab characters are now just “normal” characters in terms of string processing.
See also [all] Ensure PMD/CPD uses tab width of 1 for tabs consistently #2656.
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
New Rules
- The new Java rule
AvoidReassigningCatchVariables
(java-bestpractices
) finds cases where the variable of the caught exception is reassigned. This practice is surprising and prevents further evolution of the code like multi-catch.
Modified Rules
-
The Java rule
CloseResource
(java-errorprone
) has a new propertycloseNotInFinally
. With this property set totrue
the rule will also find calls to close a resource, which are not in a finally-block of a try-statement. If a resource is not closed within a finally block, it might not be closed at all in case of exceptions.As this new detection would yield many new violations, it is disabled by default. It might be enabled in a later version of PMD.
Deprecated Rules
- The Java rule
DataflowAnomalyAnalysis
(java-errorprone
) is deprecated in favour ofUnusedAssignment
(java-bestpractices
), which was introduced in PMD 6.26.0.
Fixed Issues
- core
- java
- #2646: [java] Support JDK 15
- java-bestpractices
- #2471: [java] New Rule: AvoidReassigningCatchVariables
- #2663: [java] NoClassDefFoundError on upgrade from 6.25.0 to 6.26.0
- #2668: [java] UnusedAssignment false positives
- #2673: [java] UnusedPrivateField and SingularField false positive with lombok annotation EqualsAndHashCode
- #2684: [java] UnusedAssignment FP in try/catch
- #2686: [java] UnusedAssignment must not flag abstract method parameters in interfaces and abstract classes
- java-design
- java-errorprone
- #2264: [java] SuspiciousEqualsMethodName: Improve description about error-prone overloading of equals()
- #2410: [java] ProperCloneImplementation not valid for final class
- #2431: [java] InvalidLogMessageFormatRule throws IndexOutOfBoundsException when only logging exception message
- #2439: [java] AvoidCatchingThrowable can not detect the case: catch (java.lang.Throwable t)
- #2470: [java] CloseResource false positive when resource included in return value
- #2531: [java] UnnecessaryCaseChange can not detect the case like: foo.equals(bar.toLowerCase())
- #2647: [java] Deprecate rule DataFlowAnomalyAnalysis
- java-performance
- dart
- #2750: [dart] [cpd] Cpd Dart escaped dollar
API Changes
- XML rule definition in rulesets: In PMD 7, the
language
attribute will be required on allrule
elements that declare a new rule. Some base rule classes set the language implicitly in their constructor, and so this is not required in all cases for the rule to work. But this behavior will be discontinued in PMD 7, so missinglanguage
attributes are now reported as a forward compatibility warning.
Deprecated API
For removal
Rule#getParserOptions
Parser#getParserOptions
AbstractParser
RuleContext#removeAttribute
RuleContext#getAttribute
RuleContext#setAttribute
ApexParserOptions
ASTThrowStatement#getFirstClassOrInterfaceTypeImage
EcmascriptParserOptions
EcmascriptXPathRule
XmlParserOptions
XmlXPathRule
-
Properties of
AbstractXmlRule
net.sourceforge.pmd.Report.ReadableDuration
-
Many methods of
net.sourceforge.pmd.Report
. They are replaced by accessors that produce a List. For example,iterator()
(and implementing Iterable) andisEmpty()
are both replaced bygetViolations()
. - The dataflow codebase is deprecated for removal in PMD 7. This includes all code in the following packages, and their subpackages:
ASTJspDeclarations
ASTJspDocument
ScalaParserVisitorAdapter#zero
ScalaParserVisitorAdapter#combine
ApexParserVisitorReducedAdapter
TypeHelper
is deprecated in favor ofTypeTestUtil
, which has the same functionality, but a slightly changed API.- Many of the classes in
net.sourceforge.pmd.lang.java.symboltable
are deprecated as internal API.
External Contributions
- #2656: [all] Ensure PMD/CPD uses tab width of 1 for tabs consistently - Maikel Steneker
- #2659: [java] StringToString can not detect the case: getStringMethod().toString() - Mykhailo Palahuta
- #2662: [java] UnnecessaryCaseChange can not detect the case like: foo.equals(bar.toLowerCase()) - Mykhailo Palahuta
- #2671: [java] CloseResource false positive when resource included in return value - Mykhailo Palahuta
- #2674: [java] add lombok.EqualsAndHashCode in AbstractLombokAwareRule - berkam
- #2677: [java] RedundantFieldInitializer can not detect a special case for char initialize:
char foo = '\0';
- Mykhailo Palahuta - #2678: [java] AvoidCatchingThrowable can not detect the case: catch (java.lang.Throwable t) - Mykhailo Palahuta
- #2679: [java] InvalidLogMessageFormatRule throws IndexOutOfBoundsException when only logging exception message - Mykhailo Palahuta
- #2682: [java] New Rule: AvoidReassigningCatchVariables - Mykhailo Palahuta
- #2697: [java] ExcessiveParameterListRule must ignore a private constructor - Mykhailo Palahuta
- #2699: [java] ProperCloneImplementation not valid for final class - Mykhailo Palahuta
- #2700: [java] Fix OnlyOneReturn code example - Jan-Lukas Else
- #2722: [doc] [java] ImmutableField: extend description, fixes #2108 - Mateusz Stefanski
- #2723: [doc] [java] SimplifyStartsWith: update description and example, fixes #1868 - Mateusz Stefanski
- #2724: [doc] [java] SuspiciousEqualsMethodName: update description, fixes #2264 - Mateusz Stefanski
- #2725: Cleanup: change valueOf to parse when we need primitive return value. - XenoAmess
- #2726: Cleanup: replace StringBuffer with StringBuilder - XenoAmess
- #2727: Cleanup: replace indexOf() < 0 with contains - XenoAmess
- #2728: Cleanup: javadoc issues - XenoAmess
- #2729: Cleanup: use print instead of printf if no format exists - XenoAmess
- #2730: Cleanup: StringBuilder issues - XenoAmess
- #2731: Cleanup: avoid compiling Patterns repeatedly - XenoAmess
- #2732: Cleanup: use StandardCharsets instead of Charset.forName - XenoAmess
- #2733: Cleanup: Collection::addAll issues - XenoAmess
- #2734: Cleanup: use try with resources - XenoAmess
- #2744: Cleanup: fix typos - XenoAmess
- #2745: [core] Fix a NPE in buildUsageText - XenoAmess
- #2749: [dart] [cpd] Improvements for Dart interpolated strings - Maikel Steneker
- #2750: [dart] [cpd] Cpd Dart escaped dollar - Maikel Steneker
Stats
- 189 commits
- 68 closed tickets & PRs
- Days since last release: 37
25-July-2020 - 6.26.0
The PMD team is pleased to announce PMD 6.26.0.
This is a minor release.
Table Of Contents
New and noteworthy
New Rules
- The new Java rule
UnusedAssignment
(java-bestpractices
) finds assignments to variables, that are never used and are useless. The new rule is supposed to entirely replaceDataflowAnomalyAnalysis
.
Modified rules
- The Java rule
ArrayIsStoredDirectly
(java-bestpractices
) now ignores by default private methods and constructors. You can restore the old behavior by setting the new propertyallowPrivate
to “false”.
Fixed Issues
- apex
- #2610: [apex] Support top-level enums in rules
- apex-bestpractices
- #2626: [apex] UnusedLocalVariable - false positive on case insensitivity allowed in Apex
- apex-performance
- #2598: [apex] AvoidSoqlInLoops false positive for SOQL with in For-Loop
- apex-security
- #2620: [visualforce] False positive on VfUnescapeEl with new Message Channel feature
- core
- java-bestpractices
- java-codestyle
- #2546: [java] DuplicateImports reported for the same import… and import static…
- java-design
- #2174: [java] LawOfDemeter: False positive with ‘this’ pointer
- #2181: [java] LawOfDemeter: False positive with indexed array access
- #2189: [java] LawOfDemeter: False positive when casting to derived class
- #2580: [java] AvoidThrowingNullPointerException marks all NullPointerException objects as wrong, whether or not thrown
- #2625: [java] NPathComplexity can’t handle switch expressions
- java-errorprone
- java-performance
API Changes
Deprecated API
For removal
RuleChainVisitor
and all implementations in language modulesAbstractRuleChainVisitor
Language#getRuleChainVisitorClass
BaseLanguageModule#<init>
ImportWrapper
External Contributions
- #2558: [java] Fix issue #1736 and issue #2207 - Young Chan
- #2560: [java] Fix false positives of LawOfDemeter: this and cast expressions - xioayuge
- #2590: Update libraries snyk is referring to as
unsafe
- Artem Krosheninnikov - #2597: [dependencies] Fix issue #2594, update exec-maven-plugin everywhere - Artem Krosheninnikov
- #2621: [visualforce] add new safe resource for VfUnescapeEl - Peter Chittum
- #2640: [java] NullPointerException in rule ProperCloneImplementation - Mykhailo Palahuta
- #2641: [java] AvoidThrowingNullPointerException marks all NullPointerException… - Mykhailo Palahuta
- #2643: [java] AvoidCallingFinalize detects some false positives (2578) - Mykhailo Palahuta
- #2651: [java] False negative: LiteralsFirstInComparisons for methods… (2569) - Mykhailo Palahuta
- #2652: [java] UseCollectionIsEmpty can not detect the case this.foo.size() - Mykhailo Palahuta
Stats
- 156 commits
- 43 closed tickets & PRs
- Days since last release: 28
27-June-2020 - 6.25.0
The PMD team is pleased to announce PMD 6.25.0.
This is a minor release.
Table Of Contents
New and noteworthy
Scala cross compilation
Up until now the PMD Scala module has been compiled against scala 2.13 only by default. However, this makes it impossible to use pmd as a library in scala projects, that use scala 2.12, e.g. in sbt plugins. Therefore PMD now provides cross compiled pmd-scala modules for both versions: scala 2.12 and scala 2.13.
The new modules have new maven artifactIds. The old artifactId net.sourceforge.pmd:pmd-scala:6.25.0
is still available, but is deprecated from now on. It has been demoted to be just a delegation to the new
pmd-scala_2.13
module and will be removed eventually.
The coordinates for the new modules are:
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-scala_2.12</artifactId>
<version>6.25.0</version>
</dependency>
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-scala_2.13</artifactId>
<version>6.25.0</version>
</dependency>
The command line version of PMD continues to use scala 2.13.
New Rules
-
The new Java Rule
UnnecessaryCast
(java-codestyle
) finds casts that are unnecessary while accessing collection elements. -
The new Java Rule
AvoidCalendarDateCreation
(java-performance
) finds usages ofjava.util.Calendar
whose purpose is just to get the current date. This can be done in a more lightweight way. -
The new Java Rule
UseIOStreamsWithApacheCommonsFileItem
(java-performance
) finds usage ofFileItem.get()
andFileItem.getString()
. These two methods are problematic since they load the whole uploaded file into memory.
Modified rules
-
The Java rule
UseDiamondOperator
(java-codestyle
) now by default finds unnecessary usages of type parameters, which are nested, involve wildcards and are used within a ternary operator. These usages are usually only unnecessary with Java8 and later, when the type inference in Java has been improved.In order to avoid false positives when checking Java7 only code, the rule has the new property
java7Compatibility
, which is disabled by default. Settings this to “true” retains the old rule behaviour.
Fixed Issues
- apex-bestpractices
- #2554: [apex] Exception applying rule UnusedLocalVariable on trigger
- core
- #971: [apex][plsql][java] Deprecate overly specific base rule classes
- #2451: [core] Deprecate support for List attributes with XPath 2.0
- #2599: [core] Fix XPath 2.0 Rule Chain Analyzer with Unions
- #2483: [lang-test] Support cpd tests based on text comparison. For details see Testing your implementation in the developer documentation.
- c#
- #2551: [c#] CPD suppression with comments doesn’t work
- cpp
- #1757: [cpp] Support unicode characters
- java
- #2549: [java] Auxclasspath in PMD CLI does not support relative file path
- java-codestyle
- java-design
- java-errorprone
- #2544: [java] UseProperClassLoader can not detect the case with method call on intermediate variable
- java-performance
- scala
- #2547: [scala] Add cross compilation for scala 2.12 and 2.13
API Changes
-
The maven module
net.sourceforge.pmd:pmd-scala
is deprecated. Usenet.sourceforge.pmd:pmd-scala_2.13
ornet.sourceforge.pmd:pmd-scala_2.12
instead. -
Rule implementation classes are internal API and should not be used by clients directly. The rules should only be referenced via their entry in the corresponding category ruleset (e.g.
<rule ref="category/java/bestpractices.xml/AbstractClassWithoutAbstractMethod" />
).While we definitely won’t move or rename the rule classes in PMD 6.x, we might consider changes in PMD 7.0.0 and onwards.
Deprecated APIs
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
AbstractIgnoredAnnotationRule
(Java)AbstractInefficientZeroCheck
(Java)AbstractJUnitRule
(Java)AbstractJavaMetricsRule
(Java)AbstractLombokAwareRule
(Java)AbstractPoorMethodCall
(Java)AbstractSunSecureRule
(Java)AbstractNcssCountRule
(Java)AbstractCommentRule
(Java)AbstractOptimizationRule
(Java)RegexHelper
(Java)AbstractApexUnitTestRule
(Apex)AbstractNcssCountRule
(Apex)AbstractNcssCountRule
(PLSQL)ApexParser
ApexHandler
RuleChain
RuleSets
RulesetsFactoryUtils#getRuleSets
For removal
TokenEntry#TokenEntry
AbstractTokenizerTest
. Use CpdTextComparisonTest in module pmd-lang-test instead. For details see Testing your implementation in the developer documentation.ASTAnnotation#suppresses
(Apex)ApexXPathRule
(Apex)SymbolTableTestRule
(Java)InefficientStringBufferingRule#isInStringBufferOperation
External Contributions
- #1932: [java] Added 4 performance rules originating from PMD-jPinpoint-rules - Jeroen Borgers
- #2349: [java] Optimize UnusedPrivateMethodRule - shilko2013
- #2547: [scala] Add cross compilation for scala 2.12 and 2.13 - João Ferreira
- #2567: [c#] Fix CPD suppression with comments doesn’t work - Lixon Lookose
- #2573: [java] DefaultPackage: Allow package default JUnit 5 Test methods - Craig Andrews
- #2593: [java] NPathComplexity should mention the expected NPath complexity - Artem Krosheninnikov
Stats
- 135 commits
- 31 closed tickets & PRs
- Days since last release: 33
24-May-2020 - 6.24.0
The PMD team is pleased to announce PMD 6.24.0.
This is a minor release.
Table Of Contents
New and noteworthy
CPD now supports XML as well
Thanks to Fernando Cosso CPD can now find duplicates in XML files as well. This is useful to find duplicated sections in XML files.
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
New Rules
-
The new Java Rule
LiteralsFirstInComparisons
(java-bestpractices
) find String literals, that are used in comparisons and are not positioned first. Using the String literal as the receiver of e.g.equals
helps to avoid NullPointerExceptions.This rule is replacing the two old rules
PositionLiteralsFirstInComparisons
andPositionLiteralsFirstInCaseInsensitiveComparisons
and extends the check for the methodscompareTo
,compareToIgnoreCase
andcontentEquals
in addition toequals
andequalsIgnoreCase
.Note: This rule also replaces the two mentioned rules in Java’s quickstart ruleset.
Deprecated Rules
- The two Java rules
PositionLiteralsFirstInComparisons
andPositionLiteralsFirstInCaseInsensitiveComparisons
have been deprecated in favor of the new ruleLiteralsFirstInComparisons
.
Fixed Issues
- apex-bestpractices
- #2468: [apex] Unused Local Variable fails on blocks
- core
- c#
- #2495: [c#] Support for interpolated verbatim strings
- java
- #2472: [java] JavaCharStream throws an Error on invalid escape
- java-bestpractices
- #2145: [java] Deprecate rules PositionLiteralsFirstIn(CaseInsensitive)Comparisons in favor of LiteralsFirstInComparisons
- #2288: [java] JUnitTestsShouldIncludeAssert: Add support for Hamcrest MatcherAssert.assertThat
- #2437: [java] AvoidPrintStackTrace can’t detect the case e.getCause().printStackTrace()
- java-codestyle
- #2476: [java] MethodNamingConventions - Add support for JUnit 5 method naming
- java-errorprone
- #2477: [java] JUnitSpelling false-positive for JUnit5/4 tests
- swift
- #2473: [swift] Swift 5 (up to 5.2) support for CPD
API Changes
Deprecated APIs
BaseLanguageModule#addVersion(String, LanguageVersionHandler, boolean)
- Some members of
TokenMgrError
, in particular, a new constructor is available that should be preferred to the old ones AntlrTokenManager.ANTLRSyntaxError
Experimental APIs
Note: Experimental APIs are identified with the annotation Experimental
,
see its javadoc for details
- The experimental methods in
BaseLanguageModule
have been replaced by a definitive API.
External Contributions
- #2446: [core] Update maven-compiler-plugin to 3.8.1 - Artem Krosheninnikov
- #2448: [java] Operator Wrap check - Harsh Kukreja
- #2449: [plsql] Additional info in SqlStatement, FormalParameter and FetchStatement - Grzegorz Sudolski
- #2452: [doc] Fix “Making Rulesets” doc sample code indentation - Artur Dryomov
- #2457: [xml] Adding XML to CPD supported languages - Fernando Cosso
- #2465: [dependencies] Upgrade hamcrest, mockito and JUnit - Artem Krosheninnikov
- #2469: [apex] fix false positive unused variable if only a method is called - Gwilym Kuiper
- #2475: [swift] Swift 4.2-5.2 support - kenji21
- #2476: [java] MethodNamingConventions - Add support for JUnit 5 method naming - Bruno Ritz
- #2478: [java] New rule: LiteralsFirstInComparisons - John-Teng
- #2479: [java] False positive with Hamcrest’s assertThat - andreoss
- #2481: [java] Fix JUnitSpellingRule false positive - Artem Krosheninnikov
- #2493: [java] Deprecate redundant String Comparison rules - John-Teng
- #2495: [c#] Support for interpolated verbatim strings - Maikel Steneker
Stats
- 114 commits
- 29 closed tickets & PRs
- Days since last release: 30
24-April-2020 - 6.23.0
The PMD team is pleased to announce PMD 6.23.0.
This is a minor release.
Table Of Contents
New and noteworthy
PMD adopts Contributor Code of Conduct
To facilitate healthy and constructive community behavior PMD adopts Contributor Convenant as its code of conduct.
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.
You can find the code of conduct in the file code_of_conduct.md in our repository.
Performance improvements for XPath 2.0 rules
XPath rules written with XPath 2.0 now support conversion to a rulechain rule, which
improves their performance. The rulechain is a mechanism that allows several rules
to be executed in a single tree traversal. Conversion to the rulechain is possible if
your XPath expression looks like //someNode/... | //someOtherNode/... | ...
, that
is, a union of one or more path expressions that start with //
. Instead of traversing
the whole tree once per path expression (and per rule), a single traversal executes all
rules in your ruleset as needed.
This conversion is performed automatically and cannot be disabled. The conversion should not change the result of your rules, if it does, please report a bug at https://github.com/pmd/pmd/issues
Note that XPath 1.0 support, the default XPath version, is deprecated since PMD 6.22.0. We highly recommend that you upgrade your rules to XPath 2.0. Please refer to the migration guide.
Javascript improvements for ES6
PMD uses the Rhino library to parse Javascript.
The default version has been set to ES6
, so that some ECMAScript 2015 features are
supported. E.g. let
statements and for-of
loops are now parsed. However Rhino does
not support all features.
New JSON renderer
PMD now supports a JSON renderer (use it with -f json
on the CLI).
See the documentation and example
New Rules
-
The new Apex rule
FieldDeclarationsShouldBeAtStart
(apex-codestyle
) helps to ensure that field declarations are always at the beginning of a class. -
The new Apex rule
UnusedLocalVariable
(apex-bestpractices
) detects unused local variables.
Fixed Issues
- apex-design
- #2358: [apex] Invalid Apex in Cognitive Complexity tests
- apex-security
- core
- doc
- java
- #2378: [java] AbstractJUnitRule has bad performance on large code bases
- java-bestpractices
- #2398: [java] AbstractClassWithoutAbstractMethod false negative with inner abstract classes
- java-codestyle
- java-design
- #2390: [java] AbstractClassWithoutAnyMethod: missing violation for nested classes
- java-errorprone
- #2402: [java] CloseResource possible false positive with Primitive Streams
- java-multithreading
- #2313: [java] Documentation for DoNotUseThreads is outdated
- javascript
- javascript-errorprone
- #384: [javascript] Trailing commas not detected on French default locale
API Changes
Deprecated APIs
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
In ASTs
As part of the changes we’d like to do to AST classes for 7.0.0, we would like to hide some methods and constructors that rule writers should not have access to. The following usages are now deprecated in the Apex, Javascript, PL/SQL, Scala and Visualforce ASTs:
- Manual instantiation of nodes. Constructors of node classes are deprecated and
marked
InternalApi
. Nodes should only be obtained from the parser, which for rules, means that they never need to instantiate node themselves. Those constructors will be made package private with 7.0.0. - Subclassing of abstract node classes, or usage of their type. The base classes are internal API and will be hidden in version 7.0.0. You should not couple your code to them.
- Setters found in any node class or interface. Rules should consider the AST immutable. We will make those setters package private with 7.0.0.
- The implementation classes of
Parser
(egVfParser
) are deprecated and should not be used directly. UseLanguageVersionHandler#getParser
instead. - The implementation classes of
TokenManager
(egVfTokenManager
) are deprecated and should not be used outside of our implementation. This also affects CPD-only modules.
These deprecations are added to the following language modules in this release. Please look at the package documentation to find out the full list of deprecations.
- Apex:
net.sourceforge.pmd.lang.apex.ast
- Javascript:
net.sourceforge.pmd.lang.ecmascript.ast
- PL/SQL:
net.sourceforge.pmd.lang.plsql.ast
- Scala:
net.sourceforge.pmd.lang.scala.ast
- Visualforce:
net.sourceforge.pmd.lang.vf.ast
These deprecations have already been rolled out in a previous version for the following languages:
- Java:
net.sourceforge.pmd.lang.java.ast
- Java Server Pages:
net.sourceforge.pmd.lang.jsp.ast
- Velocity Template Language:
net.sourceforge.pmd.lang.vm.ast
Outside of these packages, these changes also concern the following TokenManager implementations, and their corresponding Parser if it exists (in the same package):
CppTokenManager
JavaTokenManager
Ecmascript5TokenManager
JspTokenManager
MatlabTokenManager
ModelicaTokenManager
ObjectiveCTokenManager
PLSQLTokenManager
PythonTokenManager
VfTokenManager
VmTokenManager
In the Java AST the following attributes are deprecated and will issue a warning when used in XPath rules:
ASTAdditiveExpression#getImage
- usegetOperator()
insteadASTVariableDeclaratorId#getImage
- usegetName()
insteadASTVariableDeclaratorId#getVariableName
- usegetName()
instead
For removal
Parser#getTokenManager
TokenManager#setFileName
AbstractTokenManager#setFileName
AbstractTokenManager#getFileName
AntlrToken#getType
- usegetKind()
instead.ImmutableLanguage
MockRule
Node#getFirstParentOfAnyType
Node#getAsDocument
AbstractNode#hasDescendantOfAnyType
ASTRecordDeclaration#getComponentList
- Multiple fields, constructors and methods in
XPathRule
. See javadoc for details.
External Contributions
- #2312: [apex] Update ApexCRUDViolation Rule - Joshua S Arquilevich
- #2314: [doc] maven integration - Add version to plugin - Pham Hai Trung
- #2353: [plsql] xmlforest with optional AS - Piotr Szymanski
- #2383: [apex] Fix invalid apex in documentation - Gwilym Kuiper
- #2395: [apex] New Rule: Unused local variables - Gwilym Kuiper
- #2396: [apex] New rule: field declarations should be at start - Gwilym Kuiper
- #2397: [apex] fixed WITH SECURITY_ENFORCED regex to recognise line break characters - Kieran Black
- #2401: [doc] Update DoNotUseThreads rule documentation - Saikat Sengupta
- #2403: [java] #2402 fix false-positives on Primitive Streams - Bernd Farka
- #2409: [java] ClassNamingConventions suggests to add Util for class containing only static constants, fixes #1164 - Binu R J
- #2411: [java] Fix UseAssertEqualsInsteadOfAssertTrue Example - Moritz Scheve
- #2423: [core] Fix Checkstyle OperatorWrap in AbstractTokenizer - Harsh Kukreja
- #2432: [core] Close ZIP data sources even if a runtime exception or error is thrown - Gonzalo Exequiel Ibars Ingman
Stats
- 237 commits
- 64 closed tickets & PRs
- Days since last release: 42
12-March-2020 - 6.22.0
The PMD team is pleased to announce PMD 6.22.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 14 Support
This release of PMD brings support for Java 14. PMD can parse Switch Expressions, which have been promoted to be a standard language feature of Java.
PMD also parses Text Blocks as String literals, which is still a preview language feature in Java 14.
The new Pattern Matching for instanceof can be used as well as Records.
Note: The Text Blocks, Pattern Matching for instanceof and Records are all preview language features of OpenJDK 14
and are not enabled by default. In order to
analyze a project with PMD that uses these language features, you’ll need to enable it via the environment
variable PMD_JAVA_OPTS
and select the new language version 14-preview
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 14-preview ...
Note: Support for the extended break statement introduced in Java 12 as a preview language feature has been removed from PMD with this version. The version “12-preview” is no longer available.
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
Apex Suppressions
In addition to suppressing violation with the @SuppressWarnings
annotation, Apex now also supports
the suppressions with a NOPMD
comment. See Suppressing warnings.
Improved CPD support for C#
The C# tokenizer is now based on an antlr grammar instead of a manual written tokenizer. This should give more accurate results and especially fixes the problems with the using statement syntax (see #2139).
XPath Rules
See the new documentation about Writing XPath Rules.
Note: As of PMD version 6.22.0, XPath versions 1.0 and the 1.0 compatibility mode are deprecated. XPath 2.0 is superior in many ways, for example for its support for type checking, sequence values, or quantified expressions. For a detailed but approachable review of the features of XPath 2.0 and above, see the Saxon documentation.
New Rules
-
The Rule
CognitiveComplexity
(apex-design
) finds methods and classes that are highly complex and therefore difficult to read and more costly to maintain. In contrast to cyclomatic complexity, this rule uses “Cognitive Complexity”, which is a measure of how difficult it is for humans to read and understand a method. -
The Rule
TestMethodsMustBeInTestClasses
(apex-errorprone
) finds test methods that are not residing in a test class. The test methods should be moved to a proper test class. Support for tests inside functional classes was removed in Spring-13 (API Version 27.0), making classes that violate this rule fail compile-time. This rule is however useful when dealing with legacy code.
Fixed Issues
- apex
- apex-design
- #2162: [apex] Cognitive Complexity rule
- apex-errorprone
- #639: [apex] Test methods should not be in classes other than test classes
- cs
- #2139: [cs] CPD doesn’t understand alternate using statement syntax with C# 8.0
- doc
- #2274: [doc] Java API documentation for PMD
- java
- java-bestpractices
- #2277: [java] FP in UnusedImports for ambiguous static on-demand imports
- java-design
- #911: [java] UselessOverridingMethod false positive when elevating access modifier
- java-errorprone
- java-performance
- #2275: [java] AppendCharacterWithChar flags literals in an expression
- plsql
- #2325: [plsql] NullPointerException while running parsing test for CREATE TRIGGER
- #2327: [plsql] Parsing of WHERE CURRENT OF
- #2328: [plsql] Support XMLROOT
- #2331: [plsql] Fix in Comment statement
- #2332: [plsql] Fixed Execute Immediate statement parsing
- #2340: [plsql] Fixed parsing / as divide or execute
API Changes
Deprecated APIs
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
JavaLanguageHandler
JavaLanguageParser
JavaDataFlowHandler
- Implementations of
RuleViolationFactory
in each language module, egJavaRuleViolationFactory
. See javadoc ofRuleViolationFactory
. -
Implementations of
RuleViolation
in each language module, egJavaRuleViolation
. See javadoc ofRuleViolation
. RuleFactory
RuleBuilder
- Constructors of
RuleSetFactory
, use factory methods fromRulesetsFactoryUtils
instead AbstractApexNode
AbstractApexNodeBase
, and the relatedvisit
methods onApexParserVisitor
and its implementations. UseApexNode
instead, now considers comments too.
For removal
- pmd-core
DFAGraphRule
and its implementationsDFAGraphMethod
- Many methods on the
Node
interface andAbstractNode
base class. See their javadoc for details. Node#isFindBoundary
is deprecated for XPath queries.- Many APIs of
net.sourceforge.pmd.lang.metrics
, though most of them were internal and probably not used directly outside of PMD. UseMetricsUtil
as a replacement for the language-specific façades too. QualifiableNode
,QualifiedName
- pmd-java
AbstractJavaParser
AbstractJavaHandler
ASTAnyTypeDeclaration.TypeKind
ASTAnyTypeDeclaration#getKind
JavaQualifiedName
ASTCatchStatement#getBlock
ASTCompilationUnit#declarationsAreInDefaultPackage
JavaQualifiableNode
net.sourceforge.pmd.lang.java.qname
and its contentsMethodLikeNode
- Its methods will also be removed from its implementations,
ASTMethodOrConstructorDeclaration
,ASTLambdaExpression
.
- Its methods will also be removed from its implementations,
ASTAnyTypeDeclaration#getImage
will be removed. Please usegetSimpleName()
instead. This affectsASTAnnotationTypeDeclaration#getImage
,ASTClassOrInterfaceDeclaration#getImage
, andASTEnumDeclaration#getImage
.- Several methods of
ASTTryStatement
, replacements with other names have been added. This includes the XPath attribute@Finally
, replace it with a test forchild::FinallyStatement
. - Several methods named
getGuardExpressionNode
are replaced withgetCondition
. This affects the following nodes: WhileStatement, DoStatement, ForStatement, IfStatement, AssertStatement, ConditionalExpression. ASTYieldStatement
will not implementTypeNode
anymore come 7.0.0. Test the type of the expression nested within it.JavaMetrics
,JavaMetricsComputer
ASTArguments#getArgumentCount
. Usesize
instead.ASTFormalParameters#getParameterCount
. Usesize
instead.
- pmd-apex
In ASTs (JSP)
As part of the changes we’d like to do to AST classes for 7.0.0, we would like to hide some methods and constructors that rule writers should not have access to. The following usages are now deprecated in the JSP AST (with other languages to come):
- Manual instantiation of nodes. Constructors of node classes are deprecated and
marked
InternalApi
. Nodes should only be obtained from the parser, which for rules, means that they never need to instantiate node themselves. Those constructors will be made package private with 7.0.0. - Subclassing of abstract node classes, or usage of their type. The base classes are internal API and will be hidden in version 7.0.0. You should not couple your code to them.
- Setters found in any node class or interface. Rules should consider the AST immutable. We will make those setters package private with 7.0.0.
- The class
JspParser
is deprecated and should not be used directly. UseLanguageVersionHandler#getParser
instead.
Please look at net.sourceforge.pmd.lang.jsp.ast
to find out the full list of deprecations.
In ASTs (Velocity)
As part of the changes we’d like to do to AST classes for 7.0.0, we would like to hide some methods and constructors that rule writers should not have access to. The following usages are now deprecated in the VM AST (with other languages to come):
- Manual instantiation of nodes. Constructors of node classes are deprecated and
marked
InternalApi
. Nodes should only be obtained from the parser, which for rules, means that they never need to instantiate node themselves. Those constructors will be made package private with 7.0.0. - Subclassing of abstract node classes, or usage of their type. The base classes are internal API and will be hidden in version 7.0.0. You should not couple your code to them.
- Setters found in any node class or interface. Rules should consider the AST immutable. We will make those setters package private with 7.0.0.
- The package
net.sourceforge.pmd.lang.vm.directive
as well as the classesDirectiveMapper
andLogUtil
are deprecated for removal. They were only used internally during parsing. - The class
VmParser
is deprecated and should not be used directly. UseLanguageVersionHandler#getParser
instead.
Please look at net.sourceforge.pmd.lang.vm.ast
to find out the full list of deprecations.
PLSQL AST
The production and node ASTCursorBody
was unnecessary, not used and has been removed. Cursors have been already
parsed as ASTCursorSpecification
.
External Contributions
- #2251: [java] FP for InvalidLogMessageFormat when using slf4j-Markers - Kris Scheibe
- #2253: [modelica] Remove duplicated dependencies - Piotrek Żygieło
- #2256: [doc] Corrected XML attributes in release notes - Maikel Steneker
- #2276: [java] AppendCharacterWithCharRule ignore literals in expressions - Kris Scheibe
- #2278: [java] fix UnusedImports rule for ambiguous static on-demand imports - Kris Scheibe
- #2279: [apex] Add support for suppressing violations using the // NOPMD comment - Gwilym Kuiper
- #2280: [cs] CPD: Replace C# tokenizer by an Antlr-based one - Maikel Steneker
- #2297: [apex] Cognitive complexity metrics - Gwilym Kuiper
- #2317: [apex] New Rule - Test Methods Must Be In Test Classes - Brian Nørremark
- #2321: [apex] Support switch statements correctly in Cognitive Complexity - Gwilym Kuiper
- #2326: [plsql] Added XML functions to parser: extract(xml), xml_root and fixed xml_forest - Piotr Szymanski
- #2327: [plsql] Parsing of WHERE CURRENT OF added - Piotr Szymanski
- #2331: [plsql] Fix in Comment statement - Piotr Szymanski
- #2332: [plsql] Fixed Execute Immediate statement parsing - Piotr Szymanski
- #2338: [cs] CPD: fixes in filtering of using directives - Maikel Steneker
- #2339: [cs] CPD: Fixed CPD –ignore-usings option - Maikel Steneker
- #2340: [plsql] fix for parsing / as divide or execute - Piotr Szymanski
- #2342: [xml] Update property used in example - Piotrek Żygieło
- #2344: [doc] Update ruleset examples for ant - Piotrek Żygieło
- #2343: [ci] Disable checking for snapshots in jcenter - Piotrek Żygieło
24-January-2020 - 6.21.0
The PMD team is pleased to announce PMD 6.21.0.
This is a minor release.
Table Of Contents
New and noteworthy
Modelica support
Thanks to Anatoly Trosinenko PMD supports now a new language: Modelica is a language to model complex physical systems. Both PMD and CPD are supported and there are already 3 rules available. The PMD Designer supports syntax highlighting for Modelica.
While the language implementation is quite complete, Modelica support is considered experimental for now. This is to allow us to change the rule API (e.g. the AST classes) slightly and improve the implementation based on your feedback.
Simple XML dump of AST
We added a experimental feature to dump the AST of a source file into XML. The XML format is of course PMD specific and language dependent. That XML file can be used to execute (XPath) queries against without PMD. It can also be used as a textual visualization of the AST if you don’t want to use the Designer.
This feature is experimental and might change or even be removed in the future, if it is not useful. A short description how to use it is available under Creating XML dump of the AST.
Any feedback about it, especially about your use cases, is highly appreciated.
Updated Apex Support
- The Apex language support has been bumped to version 48 (Spring ‘20). All new language features are now properly parsed and processed.
CPD XML format
The CPD XML output format has been enhanced to also report column information for found duplications in addition to the line information. This allows to display the exact tokens, that are considered duplicate.
If a CPD language doesn’t provide these exact information, then these additional attributes are omitted.
Each <file>
element in the XML format now has 3 new attributes:
- attribute
endline
- attribute
column
(if there is column information available) - attribute
endcolumn
(if there is column information available)
Modified Rules
-
The Java rule
AvoidLiteralsInIfCondition
(java-errorprone
) has a new propertyignoreExpressions
. This property is set by default totrue
in order to maintain compatibility. If this property is set to false, then literals in more complex expressions are considered as well. -
The Apex rule
ApexCSRF
(apex-errorprone
) has been moved from category “Security” to “Error Prone”. The Apex runtime already prevents DML statements from being executed, but only at runtime. So, if you try to do this, you’ll get an error at runtime, hence this is error prone. See also the discussion on #2064. -
The Java rule
CommentRequired
(java-documentation
) has a new propertyclassCommentRequirement
. This replaces the now deprecated propertyheaderCommentRequirement
, since the name was misleading. (File) header comments are not checked, but class comments are.
Fixed Issues
- apex
- #2208: [apex] ASTFormalComment should implement ApexNode<T>
- core
- #1984: [java] Cyclomatic complexity is misreported (lack of clearing metrics cache)
- #2006: [core] PMD should warn about multiple instances of the same rule in a ruleset
- #2161: [core] ResourceLoader is deprecated and marked as internal but is exposed
- #2170: [core] DocumentFile doesn’t preserve newlines
- doc
- #2214: [doc] Link broken in pmd documentation for writing Xpath rules
- java
- #2212: [java] JavaRuleViolation reports wrong class name
- java-bestpractices
- #2149: [java] JUnitAssertionsShouldIncludeMessage - False positive with assertEquals and JUnit5
- java-codestyle
- #2167: [java] UnnecessaryLocalBeforeReturn false positive with variable captured by method reference
- java-documentation
- #1683: [java] CommentRequired property names are inconsistent
- java-errorprone
- java-performance
- #2141: [java] StringInstatiation: False negative with String-array access
- plsql
API Changes
Deprecated APIs
Internal API
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
JavaLanguageHandler
JavaLanguageParser
JavaDataFlowHandler
- Implementations of
RuleViolationFactory
in each language module, egJavaRuleViolationFactory
. See javadoc ofRuleViolationFactory
. -
Implementations of
RuleViolation
in each language module, egJavaRuleViolation
. See javadoc ofRuleViolation
. RuleFactory
RuleBuilder
- Constructors of
RuleSetFactory
, use factory methods fromRulesetsFactoryUtils
instead AbstractApexNode
-
AbstractApexNodeBase
, and the relatedvisit
methods onApexParserVisitor
and its implementations. UseApexNode
instead, now considers comments too. CharStream
,JavaCharStream
,SimpleCharStream
: these are APIs used by our JavaCC implementations and that will be moved/refactored for PMD 7.0.0. They should not be used, extended or implemented directly.- All classes generated by JavaCC, eg
JJTJavaParserState
. This includes token classes, which will be replaced with a single implementation, and subclasses ofParseException
, whose usages will be replaced by just that superclass.
For removal
- pmd-core
- Many methods on the
Node
interface andAbstractNode
base class. See their javadoc for details. Node#isFindBoundary
is deprecated for XPath queries.
- Many methods on the
- pmd-java
AbstractJavaParser
AbstractJavaHandler
ASTAnyTypeDeclaration.TypeKind
ASTAnyTypeDeclaration#getKind
JavaQualifiedName
ASTCatchStatement#getBlock
ASTCompilationUnit#declarationsAreInDefaultPackage
JavaQualifiableNode
net.sourceforge.pmd.lang.java.qname
and its contentsMethodLikeNode
- Its methods will also be removed from its implementations,
ASTMethodOrConstructorDeclaration
,ASTLambdaExpression
.
- Its methods will also be removed from its implementations,
ASTAnyTypeDeclaration#getImage
will be removed. Please usegetSimpleName()
instead. This affectsASTAnnotationTypeDeclaration#getImage
,ASTClassOrInterfaceDeclaration#getImage
, andASTEnumDeclaration#getImage
.- Several methods of
ASTTryStatement
, replacements with other names have been added. This includes the XPath attribute@Finally
, replace it with a test forchild::FinallyStatement
. - Several methods named
getGuardExpressionNode
are replaced withgetCondition
. This affects the following nodes: WhileStatement, DoStatement, ForStatement, IfStatement, AssertStatement, ConditionalExpression. ASTYieldStatement
will not implementTypeNode
anymore come 7.0.0. Test the type of the expression nested within it.
External Contributions
- #2041: [modelica] Initial implementation for PMD - Anatoly Trosinenko
- #2051: [doc] Update the docs on adding a new language - Anatoly Trosinenko
- #2069: [java] CommentRequired: make property names consistent - snuyanzin
- #2169: [modelica] Follow-up fixes for Modelica language module - Anatoly Trosinenko
- #2193: [core] Fix odd logic in test runner - Egor Bredikhin
- #2194: [java] Fix odd logic in AvoidUsingHardCodedIPRule - Egor Bredikhin
- #2195: [modelica] Normalize invalid node ranges - Anatoly Trosinenko
- #2199: [modelica] Fix Javadoc tags - Anatoly Trosinenko
- #2225: [core] CPD: report endLine / column informations for found duplications - Maikel Steneker
29-November-2019 - 6.20.0
The PMD team is pleased to announce PMD 6.20.0.
This is a minor release.
Table Of Contents
Fixed Issues
- apex
- core
- java
- java-bestpractices
- #2016: [java] UnusedImports: False positive if wildcard is used and only static methods
- java-codestyle
- java-design
- java-errorprone
- #2102: [java] False positive MissingStaticMethodInNonInstantiatableClass when inheritors are instantiable
External Contributions
- #2088: [java] Add more version shortcuts for older java - Henning Schmiedehausen
- #2089: [core] Minor unrelated improvements to code - Gonzalo Exequiel Ibars Ingman
- #2091: [core] Fix pmd warnings (IdenticalCatchCases) - Gonzalo Exequiel Ibars Ingman
- #2106: [java] Wrong name for inner classes - Andi Pabst
- #2121: [java] Predicates treated like booleans - Ozan Gulle
31-October-2019 - 6.19.0
The PMD team is pleased to announce PMD 6.19.0.
This is a minor release.
Table Of Contents
New and noteworthy
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
Java Metrics
- The new metric “Class Fan Out Complexity” has been added. See Java Metrics Documentation for details.
Modified Rules
-
The Java rules
InvalidLogMessageFormat
andMoreThanOneLogger
(java-errorprone
) now both support Log4j2. Note that the rule “InvalidSlf4jMessageFormat” has been renamed to “InvalidLogMessageFormat” to reflect the fact, that it now supports more than slf4j. -
The Java rule
LawOfDemeter
(java-design
) ignores now also Builders, that are not assigned to a local variable, but just directly used within a method call chain. The method, that creates the builder needs to end with “Builder”, e.g.newBuilder()
orinitBuilder()
works. This change fixes a couple of false positives. -
The Java rule
DataflowAnomalyAnalysis
(java-errorprone
) doesn’t check for UR anomalies (undefined and then referenced) anymore. These checks were all false-positives, since actual UR occurrences would lead to compile errors. -
The java rule
DoNotUseThreads
(java-multithreading
) has been changed to not report usages ofjava.lang.Runnable
anymore. Just usingRunnable
does not automatically create a new thread. While the check forRunnable
has been removed, the rule now additionally checks for usages ofExecutors
andExecutorService
. Both create new threads, which are not managed by a J2EE server.
Renamed Rules
- The Java rule
InvalidSlf4jMessageFormat
has been renamed toInvalidLogMessageFormat
since it supports now both slf4j and log4j2 message formats.
Fixed Issues
- core
- #1978: [core] PMD fails on excluding unknown rules
- #2014: [core] Making add(SourceCode sourceCode) public for alternative file systems
- #2020: [core] Wrong deprecation warnings for unused XPath attributes
- #2036: [core] Wrong include/exclude patterns are silently ignored
- #2048: [core] Enable type resolution by default for XPath rules
- #2067: [core] Build issue on Windows
- #2068: [core] Rule loader should use the same resources loader for the ruleset
- #2071: [ci] Add travis build on windows
- #2072: [test][core] Not enough info in “test setup error” when numbers of lines do not match
- #2082: [core] Incorrect logging of deprecated/renamed rules
- java
- #2042: [java] PMD crashes with ClassFormatError: Absent Code attribute…
- java-bestpractices
- java-codestyle
- #2017: [java] UnnecessaryFullyQualifiedName triggered for inner class
- java-design
- #1912: [java] Metrics not computed correctly with annotations
- java-errorprone
- java-multithreading
- #1627: [java] DoNotUseThreads should not warn on Runnable
- doc
- #2058: [doc] CLI reference for
-norulesetcompatibility
shows a boolean default value
- #2058: [doc] CLI reference for
API Changes
Deprecated APIs
For removal
- pmd-core
- All the package
net.sourceforge.pmd.dcd
and its subpackages. SeeDCD
. - In
LanguageRegistry
: RuleSet#getExcludePatterns
. Use the new methodgetFileExclusions
instead.RuleSet#getIncludePatterns
. Use the new methodgetFileInclusions
instead.Parser#canParse
Parser#getSuppressMap
RuleBuilder#RuleBuilder
. Use the new constructor with the correct ResourceLoader instead.RuleFactory#RuleFactory
. Use the new constructor with the correct ResourceLoader instead.
- All the package
- pmd-java
CanSuppressWarnings
and its implementationsisSuppressed
getDeclaringType
.isSupressed
ASTMethodDeclarator
getMethodName
getBlock
getParameterCount
- pmd-apex
CanSuppressWarnings
and its implementationsisSupressed
Internal APIs
- pmd-core
- All the package
net.sourceforge.pmd.util
and its subpackages, exceptnet.sourceforge.pmd.util.datasource
andnet.sourceforge.pmd.util.database
. GridBagHelper
ColumnDescriptor
- All the package
External Contributions
- #2010: [java] LawOfDemeter to support inner builder pattern - Gregor Riegler
- #2012: [java] Fixes 336, slf4j log4j2 support - Mark Hall
- #2032: [core] Allow adding SourceCode directly into CPD - Nathan Braun
- #2047: [java] Fix computation of metrics with annotations - Andi Pabst
- #2065: [java] Stop checking UR anomalies - Carlos Macasaet
- #2068: [core] Rule loader should use the same resources loader for the ruleset - Chen Yang
- #2070: [core] Fix renderer tests for windows builds - Saladoc
- #2073: [test][core] Add expected and actual line of numbers to message wording - snuyanzin
- #2076: [java] Add Metric ClassFanOutComplexity - Andi Pabst
- #2078: [java] DoNotUseThreads should not warn on Runnable #1627 - Michael Clay
15-September-2019 - 6.18.0
The PMD team is pleased to announce PMD 6.18.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 13 Support
This release of PMD brings support for Java 13. PMD can parse Switch Expressions
with the new yield
statement and resolve the type of such an expression.
PMD also parses Text Blocks as String literals.
Note: The Switch Expressions and Text Blocks are a preview language feature of OpenJDK 13
and are not enabled by default. In order to
analyze a project with PMD that uses these language features, you’ll need to enable it via the environment
variable PMD_JAVA_OPTS
and select the new language version 13-preview
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 13-preview ...
Note: Support for the extended break statement introduced in Java 12 as a preview language feature will be removed with the next PMD version 6.19.0.
Full support for Scala
Thanks to Chris Smith PMD now fully supports Scala. Now rules for analyzing Scala code can be developed in addition to the Copy-Paste-Detection (CPD) functionality. There are no rules yet, so contributions are welcome.
Additionally Scala support has been upgraded from 2.12.4 to 2.13.
New rule designer documentation
The documentation for the rule designer is now available on the main PMD documentation page: Rule Designer Reference. Check it out to learn about the usage and features of the rule designer.
New rules
-
The Java rule
AvoidMessageDigestField
(java-bestpractices
) detects fields of the typejava.security.MessageDigest
. Using a message digest instance as a field would need to be synchronized, as it can easily be used by multiple threads. Without synchronization the calculated hash could be entirely wrong. Instead of declaring this as a field and synchronize access to use it from multiple threads, a new instance should be created when needed. This rule is also active when using java’s quickstart ruleset. -
The Apex rule
DebugsShouldUseLoggingLevel
(apex-bestpractices
) detects usages ofSystem.debug()
method calls that are used without specifying the log level. Having the log level specified provides a cleaner log, and improves readability of it.
Modified Rules
- The Java rule
CloseResource
(java-errorprone
) now ignores by default instances ofjava.util.stream.Stream
. These streams areAutoCloseable
, but most streams are backed by collections, arrays, or generating functions, which require no special resource management. However, there are some exceptions: The stream returned byFiles::lines(Path)
is backed by a actual file and needs to be closed. These instances won’t be found by default by the rule anymore.
Fixed Issues
- all
- #1465: [core] Stylesheet pmd-report.xslt fails to display filepath if ‘java’ in path
- #1923: [core] Incremental analysis does not work with shortnames
- #1983: [core] Avoid crashes with analysis cache when classpath references non-existing directories
- #1990: [core] Incremental analysis mixes XPath rule violations
- apex
- java
- #1930: [java] Add Java 13 support
- java-bestpractices
- java-codestyle
- #1951: [java] UnnecessaryFullyQualifiedName rule triggered when variable name clashes with package name
- java-errorprone
- plsql
- #1933: [plsql] ParseException with cursor declared in anonymous block
- #1935: [plsql] ParseException with SELECT INTO record defined as global variable
- #1936: [plslq] ParseException with cursor inside procedure declaration
- #1946: [plsql] ParseException with using TRIM inside IF statements condition
- #1947: [plsql] ParseError - SELECT with FOR UPDATE OF
- #1948: [plsql] ParseException with INSERT INTO using package global variables
- #1950: [plsql] ParseException with UPDATE and package record variable
- #1953: [plsql] ParseException with WITH in CURSOR
API Changes
Changes to Renderer
-
Each renderer has now a new method
Renderer#setUseShortNames
which is used for implementing the “shortnames” CLI option. The method is automatically called by PMD, if this CLI option is in use. When rendering filenames to the report, the new helper methodAbstractRenderer#determineFileName
should be used. This will change the filename to a short name, if the CLI option “shortnames” is used.Not adjusting custom renderers will make them render always the full file names and not honoring the CLI option “shortnames”.
Deprecated APIs
For removal
- The methods
getImportedNameNode
andgetPackage
have been deprecated and will be removed with PMD 7.0.0. - The method
RuleContext#setSourceCodeFilename
has been deprecated and will be removed. The already existing methodRuleContext#setSourceCodeFile
should be used instead. The methodRuleContext#getSourceCodeFilename
still exists and returns just the filename without the full path. - The method
AbstractPMDProcessor#filenameFrom
has been deprecated. It was used to determine a “short name” of the file being analyzed, so that the report can use short names. However, this logic has been moved to the renderers. - The method
Report#metrics
andReport
have been deprecated. They were leftovers from a previous deprecation round targetingStatisticalRule
.
Internal APIs
Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0. You can identify them with the @InternalApi
annotation. You’ll also get a deprecation warning.
- pmd-core
- pmd-java
net.sourceforge.pmd.lang.java.typeresolution
: Everything, including subpackages, exceptTypeHelper
andJavaTypeDefinition
.ASTCompilationUnit#getClassTypeResolver
External Contributions
- #1943: [apex] Adds “debug should use logging level” best practice rule for Apex - Renato Oliveira
- #1965: [scala] Use Scalameta for parsing - Chris Smith
- #1970: [java] DoubleBraceInitialization: Fix example - Tobias Weimer
- #1971: [java] 1862 - Message Digest should not be used as class field - AnthonyKot
- #1972: [plsql] ParseError - SELECT with FOR UPDATE OF - Piotr Szymanski
- #1974: [plsql] Fixes for referencing record type variables - Piotr Szymanski
- #1975: [plsql] TRIM function with record type variables - Piotr Szymanski
- #1976: [plsql] Fix for mistaking / for MultiplicativeExpression - Piotr Szymanski
- #1977: [plsql] fix for skipping sql starting with WITH - Piotr Szymanski
- #1986: [plsql] Fix for cursors in anonymous blocks - Piotr Szymanski
- #1994: [core] Resolve pmd-report failure when java folder in filepath - Amish Shah
- #2015: [java] Update doc for unused formal parameter - Amish Shah
28-July-2019 - 6.17.0
The PMD team is pleased to announce PMD 6.17.0.
This is a minor release.
Table Of Contents
New and noteworthy
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog. It contains a new feature to edit test cases directly within the designer. Any feedback is highly appreciated.
Lua support
Thanks to the contribution from Maikel Steneker, and built on top of the ongoing efforts to fully support Antlr-based languages, PMD now has CPD support for Lua.
Being based on a proper Antlr grammar, CPD can:
- ignore comments
- honor comment-based suppressions
Modified Rules
-
The Java rule
CloseResource
(java-errorprone
) ignores now by defaultjava.io.ByteArrayInputStream
andjava.io.CharArrayWriter
. Such streams/writers do not need to be closed. -
The Java rule
MissingStaticMethodInNonInstantiatableClass
(java-errorprone
) has now the new propertyannotations
. When one of the private constructors is annotated with one of the annotations, then the class is not considered non-instantiatable anymore and no violation will be reported. By default, Spring’s@Autowired
and Java EE’s@Inject
annotations are recognized.
Fixed Issues
- core
- #1913: [core] “-help” CLI option ends with status code != 0
- doc
- #1896: [doc] Error in changelog 6.16.0 due to not properly closed rule tag
- #1898: [doc] Incorrect code example for DoubleBraceInitialization in documentation on website
- #1906: [doc] Broken link for adding own CPD languages
- #1909: [doc] Sample usage example refers to deprecated ruleset “basic.xml” instead of “quickstart.xml”
- java
- #1910: [java] ATFD calculation problem
- java-errorprone
- java-multithreading
- #1903: [java] UnsynchronizedStaticFormatter doesn’t allow block-level synchronization when using allowMethodLevelSynchronization=true
- plsql
- #1902: [pslql] ParseException when parsing (+)
- xml
- #1666: [xml] wrong cdata rule description and examples
External Contributions
- #1869: [xml] fix #1666 wrong cdata rule description and examples - Artem
- #1892: [lua] [cpd] Added CPD support for Lua - Maikel Steneker
- #1905: [java] DataflowAnomalyAnalysis Rule in right order - YoonhoChoi96
- #1908: [doc] Update ruleset filename from deprecated basic.xml to quickstart.xml - crunsk
- #1916: [java] Exclude Autowired and Inject for MissingStaticMethodInNonInstantiatableClass - AnthonyKot
- #1917: [core] Add ‘no error’ return option, and assign it to the cli when the help command is invoked - Renato Oliveira
30-June-2019 - 6.16.0
The PMD team is pleased to announce PMD 6.16.0.
This is a minor release.
Table Of Contents
New and noteworthy
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
PLSQL Grammar Updates
The grammar has been updated to support inline constraints in CREATE TABLE statements. Additionally, the CREATE TABLE statement may now be followed by physical properties and table properties. However, these properties are skipped over during parsing.
The CREATE VIEW statement now supports subquery views.
The EXTRACT function can now be parsed correctly. It is used to extract values from a specified datetime field. Also date time literals are parsed now correctly.
The CASE expression can now be properly used within SELECT statements.
Table aliases are now supported when specifying columns in INSERT INTO clauses.
New Rules
-
The Java rule
DoubleBraceInitialization
(java-bestpractices
) detects non static initializers in anonymous classes also known as “double brace initialization”. This can be problematic, since a new class file is generated and object holds a strong reference to the surrounding class.Note: This rule is also part of the Java quickstart ruleset (
rulesets/java/quickstart.xml
).
Modified Rules
-
The Java rule
UnusedPrivateField
(java-bestpractices
) now ignores by default fields, that are annotated with the Lombok experimental annotation@Delegate
. This can be customized with the propertyignoredAnnotations
. -
The Java rule
SingularField
(java-design
) now ignores by default fields, that are annotated with the Lombok experimental annotation@Delegate
. This can be customized with the propertyignoredAnnotations
. -
The Java rules
UnsynchronizedStaticFormatter
andUnsynchronizedStaticDateFormatter
(java-multithreading
) now prefer synchronized blocks by default. They will raise a violation, if the synchronization is implemented on the method level. To allow the old behavior, the new propertyallowMethodLevelSynchronization
can be enabled. -
The Java rule
UseUtilityClass
(java-design
) has a new propertyignoredAnnotations
. By default, classes that are annotated with Lombok’s@UtilityClass
are ignored now. -
The Java rule
NonStaticInitializer
(java-errorprone
) does not report non static initializers in anonymous classes anymore. For this use case, there is a new rule now:DoubleBraceInitialization
(java-bestpractices
). -
The Java rule
CommentDefaultAccessModifier
(java-codestyle
) was enhanced in the last version 6.15.0 to check also top-level types by default. This created many new violations. Missing the access modifier for top-level types is not so critical, since it only decreases the visibility of the type.The default behaviour has been restored. If you want to enable the check for top-level types, you can use the new property
checkTopLevelTypes
. -
The Java rule
CloseResource
(java-errorprone
) now by default searches for any unclosedjava.lang.AutoCloseable
resource. This includes now the standardjava.io.*Stream
classes. Previously only SQL-related resources were considered by this rule. The types can still be configured via thetypes
property. Some resources do not need to be closed (e.g.ByteArrayOutputStream
). These exceptions can be configured via the new propertyallowedResourceTypes
. In order to restore the old behaviour, just remove the typejava.lang.AutoCloseable
from thetypes
property and keep the remaining SQL-related classes.
Deprecated Rules
- The Java rule
AvoidFinalLocalVariable
(java-codestyle
) has been deprecated and will be removed with PMD 7.0.0. The rule is controversial and also contradicts other existing rules such asLocalVariableCouldBeFinal
. If the goal is to avoid defining constants in a scope smaller than the class, then the ruleAvoidDuplicateLiterals
should be used instead.
Fixed Issues
- apex
- #1664: [apex] False positive ApexSharingViolationsRule, unsupported Apex feature
- java
- #1848: [java] Local classes should preserve their modifiers
- java-bestpractices
- java-codestyle
- java-design
- #1094: [java] UseUtilityClass should be LombokAware
- java-errorprone
- java-multithreading
- plsql
API Changes
Deprecated APIs
Reminder: Please don’t use members marked with the annotation
InternalApi
, as they will likely be removed, hidden, or otherwise intentionally broken with 7.0.0.
In ASTs
As part of the changes we’d like to do to AST classes for 7.0.0, we would like to hide some methods and constructors that rule writers should not have access to. The following usages are now deprecated in the Java AST (with other languages to come):
- Manual instantiation of nodes. Constructors of node classes are deprecated and marked
InternalApi
. Nodes should only be obtained from the parser, which for rules, means that never need to instantiate node themselves. Those constructors will be made package private with 7.0.0. - Subclassing of abstract node classes, or usage of their type. Version 7.0.0 will bring a new set of abstractions that will be public API, but the base classes are and will stay internal. You should not couple your code to them.
- Setters found in any node class or interface. Rules should consider the AST immutable. We will make those setters package private with 7.0.0.
Please look at net.sourceforge.pmd.lang.java.ast
to find out the full list
of deprecations.
External Contributions
- #1482: [java] Explain the existence of AvoidFinalLocalVariable in it’s description - Karl-Philipp Richter
- #1792: [java] Added lombok.experimental to AbstractLombokAwareRule - jakivey32
- #1808: [plsql] Fix PL/SQL Syntax errors - Hugo Araya Nash
- #1829: [java] Fix false negative in UnsynchronizedStaticFormatter - Srinivasan Venkatachalam
- #1847: [java] Regression in MethodReturnsInternalArray not handling enums - Artem
- #1863: [plsql] Add Table InlineConstraint - Hugo Araya Nash
- #1864: [plsql] Add support for Subquery Views - Hugo Araya Nash
- #1865: [plsql] Add Support for Extract Expression - Hugo Araya Nash
- #1874: [plsql] Add parenthesis equation support for Update - Hugo Araya Nash
- #1876: [plsql] Datetime support for queries - Hugo Araya Nash
- #1883: [plsql] Fix #1873 Expression list not working - Hugo Araya Nash
- #1884: [plsql] fix #1878 Support explicit INNER word for INNER JOIN - Hugo Araya Nash
- #1885: [plsql] Correct case expression - Hugo Araya Nash
- #1886: [plsql] Support table alias for Insert Clause - Hugo Araya Nash
26-May-2019 - 6.15.0
The PMD team is pleased to announce PMD 6.15.0.
This is a minor release.
Table Of Contents
New and noteworthy
Enhanced Matlab support
Thanks to the contributions from Maikel Steneker CPD for Matlab can now parse Matlab programs which use the question mark operator to specify access to class members:
classdef Class1
properties (SetAccess = ?Class2)
CPD also understands now double quoted strings, which are supported since version R2017a of Matlab:
str = "This is a string"
Enhanced C++ support
CPD now supports digit separators in C++ (language module “cpp”). This is a C++14 feature.
Example: auto integer_literal = 1'000'000;
The single quotes can be used to add some structure to large numbers.
CPD also parses raw string literals now correctly (see #1784).
New Rules
-
The new Apex rule
FieldNamingConventions
(apex-codestyle
) checks the naming conventions for field declarations. By default this rule uses the standard Apex naming convention (Camel case), but it can be configured through properties. -
The new Apex rule
FormalParameterNamingConventions
(apex-codestyle
) checks the naming conventions for formal parameters of methods. By default this rule uses the standard Apex naming convention (Camel case), but it can be configured through properties. -
The new Apex rule
LocalVariableNamingConventions
(apex-codestyle
) checks the naming conventions for local variable declarations. By default this rule uses the standard Apex naming convention (Camel case), but it can be configured through properties. -
The new Apex rule
PropertyNamingConventions
(apex-codestyle
) checks the naming conventions for property declarations. By default this rule uses the standard Apex naming convention (Camel case), but it can be configured through properties. -
The new Java rule
UseShortArrayInitializer
(java-codestyle
) searches for array initialization expressions, which can be written shorter.
Modified Rules
-
The Apex rule
ClassNamingConventions
(apex-codestyle
) can now be configured using various properties for the specific kind of type declarations (e.g. class, interface, enum). As before, this rule uses by default the standard Apex naming convention (Pascal case). -
The Apex rule
MethodNamingConventions
(apex-codestyle
) can now be configured using various properties to differenciate e.g. static methods and test methods. As before, this rule uses by default the standard Apex naming convention (Camel case). -
The Java rule
FieldNamingConventions
(java-codestyle
) now by default ignores the fieldserialPersistentFields
. Since this is a field which needs to have this special name, no field naming conventions can be applied here. It is excluded the same way likeserialVersionUID
via the propertyexclusions
. -
The Java rule
CommentRequired
(java-documentation
) has a new propertyserialPersistentFieldsCommentRequired
with the default value “Ignored”. This means that from now on comments for the fieldserialPersistentFields
are not required anymore. You can change the property to restore the old behavior. -
The Java rule
ProperLogger
(java-errorprone
) has two new properties to configure the logger class (e.g. “org.slf4j.Logger”) and the logger name of the special case, when the logger is not static. The name of the static logger variable was already configurable. The new property “loggerClass” allows to use this rule for different logging frameworks. This rule covers all the cases of the now deprecated ruleLoggerIsNotStaticFinal
. -
The Java rule
CommentDefaultAccessModifier
(java-codestyle
) now reports also missing comments for top-level classes and annotations, that are package-private.
Deprecated Rules
-
The Apex rule
VariableNamingConventions
(apex-codestyle
) has been deprecated and will be removed with PMD 7.0.0. The rule is replaced by the more general rulesFieldNamingConventions
,FormalParameterNamingConventions
,LocalVariableNamingConventions
, andPropertyNamingConventions
. -
The Java rule
LoggerIsNotStaticFinal
(java-errorprone
) has been deprecated and will be removed with PMD 7.0.0. The rule is replaced byProperLogger
.
Fixed Issues
- apex
- cpp
- #1784: [cpp] Improve support for raw string literals
- dart
- #1809: [dart] [cpd] Parse error with escape sequences
- java
- #1842: [java] Annotated module declarations cause parse error
- java-bestpractices
- #1738: [java] MethodReturnsInternalArray does not work in inner classes
- java-codestyle
- python
- #1810: [python] [cpd] Parse error when using Python 2 backticks
- matlab
API Changes
Deprecated APIs
For removal
- The
DumpFacades
in all languages, that could be used to transform a AST into a textual representation, will be removed with PMD 7. The rule designer is a better way to inspect nodes.net.sourceforge.pmd.lang.apex.ast.DumpFacade
net.sourceforge.pmd.lang.java.ast.DumpFacade
net.sourceforge.pmd.lang.ecmascript.ast.DumpFacade
net.sourceforge.pmd.lang.jsp.ast.DumpFacade
net.sourceforge.pmd.lang.plsql.ast.DumpFacade
net.sourceforge.pmd.lang.vf.ast.DumpFacade
net.sourceforge.pmd.lang.vm.ast.AbstractVmNode#dump
net.sourceforge.pmd.lang.xml.ast.DumpFacade
- The method
LanguageVersionHandler#getDumpFacade
will be removed as well. It is deprecated, along with all its implementations in the subclasses ofLanguageVersionHandler
.
External Contributions
- #1647: [java] Rule to detect overly verbose array initialization - Victor
- #1762: [java] LoggerIsNotStaticFinal and ProperLogger - make class-name configurable - Ivo Šmíd
- #1798: [java] Make CommentDefaultAccessModifier work for top-level classes - Boris Petrov
- #1799: [java] MethodReturnsInternalArray does not work in inner classes - Fixed #1738 - Srinivasan Venkatachalam
- #1802: [python] [cpd] Add support for Python 2 backticks - Maikel Steneker
- #1803: [dart] [cpd] Dart escape sequences - Maikel Steneker
- #1807: [ci] Fix missing local branch issues when executing pmd-regression-tester - BBG
- #1813: [matlab] [cpd] Matlab comments - Maikel Steneker
- #1816: [apex] Fix ApexDoc handling with inner classes - Jeff Hube
- #1817: [apex] Add configurable naming convention rules - Jeff Hube
- #1819: [cpp] [cpd] Add support for digit separators - Maikel Steneker
- #1820: [cpp] [cpd] Improve support for raw string literals - Maikel Steneker
- #1821: [matlab] [cpd] Matlab question mark token - Maikel Steneker
- #1822: [matlab] [cpd] Double quoted string - Maikel Steneker
- #1837: [core] Minor performance improvements - Michael Hausegger
- #1838: [dart] [cpd] Improved string tokenization - Maikel Steneker
- #1840: [java] Whitelist serialPersistentFields - Marcel Härle
28-April-2019 - 6.14.0
The PMD team is pleased to announce PMD 6.14.0.
This is a minor release.
Table Of Contents
New and noteworthy
Dart support
Thanks to the contribution from Maikel Steneker, and built on top of the ongoing efforts to fully support Antlr-based languages, PMD now has CPD support for Dart.
Being based on a proper Antlr grammar, CPD can:
- ignore comments
- ignore imports / libraries
- honor comment-based suppressions
Updated PMD Designer
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
Modified Rules
-
The Java rule
AssignmentToNonFinalStatic
(java-errorprone
) will now report on each assignment made within a constructor rather than on the field declaration. This makes it easier for developers to find the offending statements. -
The Java rule
NoPackage
(java-codestyle
) will now report additionally enums and annotations that do not have a package declaration.
Fixed Issues
- all
- go
- #1751: [go] Parsing errors encountered with escaped backslash
- java
- java-bestpractices
- java-codestyle
- java-design
- #1760: [java] UseObjectForClearerAPI flags private methods
API Changes
No changes.
External Contributions
- #1745: [doc] Fixed some errors in docs - 0xflotus
- #1746: [java] Update rule to prevent UnusedImport when using JavaDoc with array type - itaigilo
- #1752: [java] UseObjectForClearerAPI Only For Public - Björn Kautler
- #1761: [dart] [cpd] Added CPD support for Dart - Maikel Steneker
- #1776: [java] Show more detailed message when can’t resolve field type - Andrey Fomin
- #1781: [java] Location change in AssignmentToNonFinalStatic - Maikel Steneker
- #1789: [cpd] [core] Use current classloader instead of Thread’s classloader - Andreas Schmid
- #1791: [dart] [cpd] Dart escaped string - Maikel Steneker
31-March-2019 - 6.13.0
The PMD team is pleased to announce PMD 6.13.0.
This is a minor release.
Table Of Contents
New and noteworthy
Call For Logo
We are still searching for a new logo for PMD for the next major release.
Learn more about how to participate on github issue 1663.
Java 12 Support
This release of PMD brings support for Java 12. PMD can parse the new Switch Expressions and resolve the type of such an expression.
Note: The Switch Expressions are a preview language feature of OpenJDK 12 and are not enabled by default. In order to
analyze a project with PMD that uses these language features, you’ll need to enable it via the new environment
variable PMD_JAVA_OPTS
:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd ...
Quickstart Ruleset for Apex
PMD provides now a quickstart ruleset for Salesforce.com Apex, which you can use as a base ruleset to
get your custom ruleset started. You can reference it with rulesets/apex/quickstart.xml
.
You are strongly encouraged to create your own ruleset
though.
The quickstart ruleset has the intention, to be useful out-of-the-box for many projects. Therefore it references only rules, that are most likely to apply everywhere.
Any feedback would be greatly appreciated.
PMD Designer
The rule designer’s codebase has been moved out of the main repository and will be developed at pmd/pmd-designer from now on. The maven coordinates will stay the same for the time being. The designer will still be shipped with PMD’s binaries.
Improved Apex Support
- Many AST nodes now expose more information which makes it easier to write XPath-based rules for Apex. Here are
some examples:
Annotation[@Resolved = false()]
finds unsupported annotations.AnnotationParameter[@Name='RestResource'][@Value='/myurl']
gives access to annotation parameters.CatchBlockStatement[@ExceptionType='Exception'][@VariableName='e']
finds catch block for specific exception types.Field[@Type='String']
find all String fields,Field[string-length(@Name) < 5]
finds all fields with short names andField[@Value='a']
find alls fields, that are initialized with a specific value.LiteralExpression[@String = true()]
finds all String literals. There are attributes for each type:@Boolean
,@Integer
,@Double
,@Long
,@Decimal
,@Null
.Method[@Constructor = true()]
selects all constructors.Method[@ReturnType = 'String']
selects all methods that return a String.- The
ModifierNode
node has a couple of attributes to check for the existence of specific modifiers:@Test
,@TestOrTestSetup
,@WithSharing
,@WithoutSharing
,@InheritedSharing
,@WebService
,@Global
,@Override
. - Many nodes now expose their type. E.g. with
Parameter[@Type='Integer']
you can find all method parameters of type Integer. The same attributeType
exists as well for:NewObjectExpression
,Property
,VariableDeclaration
. VariableExpression[@Image='i']
finds all variable usages of the variable “i”.
New Rules
-
The new Java rule
AvoidUncheckedExceptionsInSignatures
(java-design
) finds methods or constructors that declare unchecked exceptions in theirthrows
clause. This forces the caller to handle the exception, even though it is a runtime exception. -
The new Java rule
DetachedTestCase
(java-errorprone
) searches for public methods in test classes, which are not annotated with@Test
. These methods might be test cases where the annotation has been forgotten. Because of that those test cases are never executed. -
The new Java rule
WhileLoopWithLiteralBoolean
(java-bestpractices
) finds Do-While-Loops and While-Loops that can be simplified since they use simplytrue
orfalse
as their loop condition. -
The new Apex rule
ApexAssertionsShouldIncludeMessage
(apex-bestpractices
) searches for assertions in unit tests and checks, whether they use a message argument. -
The new Apex rule
ApexUnitTestMethodShouldHaveIsTestAnnotation
(apex-bestpractices
) searches for methods in test classes, which are missing the@IsTest
annotation. -
The new PLSQL rule
AvoidTabCharacter
(plsql-codestyle
) checks, that there are no tab characters (“\t”) in the source file. -
The new PLSQL rule
LineLength
(plsql-codestyle
) helps to enforce a maximum line length.
Fixed Issues
- doc
- #1721: [doc] Documentation provides an invalid property configuration example
- java
- #1537: [java] Java 12 support
- java-bestpractices
- #1701: [java] UseTryWithResources does not handle multiple argument close methods
- java-codestyle
- java-errorprone
- #1570: [java] AvoidDuplicateLiterals warning about deprecated separator property when not used
- plsql
- #1510: [plsql] Support XMLTABLE functions
- #1716: [plsql] Support access to whole plsql code
- #1731: [pslql] ParseException when parsing ELSIF
- #1733: [plsql] % not supported in “TestSearch%notfound”
- #1734: [plsql] TooManyMethods false-negative
- #1735: [plsql] False-negatives for TO_DATE_TO_CHAR, TO_DATEWithoutDateFormat, TO_TIMESTAMPWithoutDateFormat
API Changes
Command Line Interface
The start scripts run.sh
, pmd.bat
and cpd.bat
support the new environment variable PMD_JAVA_OPTS
.
This can be used to set arbitrary JVM options for running PMD, such as memory settings (e.g. PMD_JAVA_OPTS=-Xmx512m
)
or enable preview language features (e.g. PMD_JAVA_OPTS=--enable-preview
).
The previously available variables such as OPTS
or HEAPSIZE
are deprecated and will be removed with PMD 7.0.0.
Deprecated API
-
CodeClimateRule
is deprecated in 7.0.0 because it was unused for 2 years and created an unwanted dependency. Properties “cc_categories”, “cc_remediation_points_multiplier”, “cc_block_highlighting” will also be removed. See #1702 for more. -
The Apex ruleset
rulesets/apex/ruleset.xml
has been deprecated and will be removed in 7.0.0. Please use the new quickstart rulesetrulesets/apex/quickstart.xml
instead.
External Contributions
- #1694: [apex] New rules for test method and assert statements - triandicAnt
- #1697: [doc] Update CPD documentation - Matías Fraga
- #1704: [java] Added AvoidUncheckedExceptionsInSignatures Rule - Bhanu Prakash Pamidi
- #1706: [java] Add DetachedTestCase rule - David Burström
- #1709: [java] Detect while loops with literal booleans conditions - David Burström
- #1717: [java] Fix false positive in useTryWithResources when using a custom close method with multiple arguments - Rishabh Jain
- #1724: [doc] Correct property override example - Felix W. Dekker
- #1737: [java] fix escaping of CommentDefaultAccessModifier documentation - itaigilo
24-February-2019 - 6.12.0
The PMD team is pleased to announce PMD 6.12.0.
This is a minor release.
Table Of Contents
New and noteworthy
Call For Logo
PMD’s logo was great for a long time. But now we want to take the opportunity with the next major release to change our logo in order to use a more “politically correct” one.
Learn more about how to participate on github issue 1663.
CPD Suppression for Antlr-based languages
ITBA students Matías Fraga,
Tomi De Lucca and Lucas Soncini
keep working on bringing full Antlr support to PMD. For this release, they have implemented
token filtering in an equivalent way as we did for JavaCC languages, adding support for CPD
suppressions through CPD-OFF
and CPD-ON
comments for all Antlr-based languages.
This means, you can now ignore arbitrary blocks of code on:
- Go
- Kotlin
- Swift
Simply start the suppression with any comment (single or multiline) containing CPD-OFF
,
and resume again with a comment containing CPD-ON
.
More information is available in the user documentation.
PL/SQL Grammar improvements
- In this release, many more parser bugs in our PL/SQL support have been fixed. This adds more complete support for UPDATE statements and subqueries and hierarchical queries in SELECT statements.
- Support for analytic functions such as LISTAGG has been added.
- Conditions in WHERE clauses support now REGEX_LIKE and multiset conditions.
New Rules
- The new Java rule
UseTryWithResources
(java-bestpractices
) searches for try-blocks, that could be changed to a try-with-resources statement. This statement ensures that each resource is closed at the end of the statement and is available since Java 7.
Modified Rules
- The Apex rule
MethodNamingConventions
(apex-codestyle
) has a new propertyskipTestMethodUnderscores
, which is by default disabled. The new property allows for ignoring all test methods, either using thetestMethod
modifier or simply annotating them@isTest
.
Fixed Issues
- all
- java-bestpractices
- java-codestyle
- java-design
- #1641: [java] False-positive with Lombok and inner classes
- java-errorprone
- #780: [java] BeanMembersShouldSerializeRule does not recognize lombok accessors
- java-multithreading
- #1633: [java] UnsynchronizedStaticFormatter reports commons lang FastDateFormat
- java-performance
- #1632: [java] ConsecutiveLiteralAppends false positive over catch
- plsql
- designer
- #1679: [ui] No default language version selected
API Changes
No changes.
External Contributions
- #1623: [java] Fix lombok.AllArgsConstructor support - Bobby Wertman
- #1625: [java] UnusedImports false positive for method parameter type in @see Javadoc - Shubham
- #1628: [java] LinguisticNaming should ignore overriden methods - Shubham
- #1634: [java] BeanMembersShouldSerializeRule does not recognize lombok accessors - Shubham
- #1635: [java] UnsynchronizedStaticFormatter reports commons lang FastDateFormat - Shubham
- #1637: [java] Compile time constants initialized by literals avoided by AccessorMethodGenerationRule - Shubham
- #1640: [java] Update instead of override classHasLombokAnnotation flag - Phokham Nonava
- #1644: [apex] Add property to allow apex test methods to contain underscores - Tom
- #1645: [java] ConsecutiveLiteralAppends false positive - Shubham
- #1646: [java] UseDiamondOperator doesn’t work with var - Shubham
- #1654: [core] Antlr token filter - Tomi De Lucca
- #1655: [kotlin] Kotlin tokenizer refactor - Lucas Soncini
- #1686: [doc] Replaced wrong escaping with “>” - Himanshu Pandey
27-January-2019 - 6.11.0
The PMD team is pleased to announce PMD 6.11.0.
This is a minor release.
Table Of Contents
New and noteworthy
Updated Apex Support
- The Apex language support has been bumped to version 45 (Spring ‘19). All new language features are now properly parsed and processed.
- Many nodes now expose more informations, such as the operator for BooleanExpressions. This makes these operators
consumable by XPath rules, e.g.
//BooleanExpression[@Operator='&&']
.
PL/SQL Grammar improvements
- In this release, many parser bugs in our PL/SQL support have been fixed. This adds e.g. support for
table collection expressions (
SELECT * FROM TABLE(expr)
). - Support for parsing insert statements has been added.
- More improvements are planned for the next release of PMD.
New Rules
-
The new Java rule
UnsynchronizedStaticFormatter
(java-multithreading
) detects unsynchronized usages of staticjava.text.Format
instances. This rule is a more generic replacement of the ruleUnsynchronizedStaticDateFormatter
which focused just onDateFormat
. -
The new Java rule
ForLoopVariableCount
(java-bestpractices
) checks for the number of control variables in a for-loop. Having a lot of control variables makes it harder to understand what the loop does. The maximum allowed number of variables is by default 1 and can be configured by a property. -
The new Java rule
AvoidReassigningLoopVariables
(java-bestpractices
) searches for loop variables that are reassigned. Changing the loop variables additionally to the loop itself can lead to hard-to-find bugs. -
The new Java rule
UseDiamondOperator
(java-codestyle
) looks for constructor calls with explicit type parameters. Since Java 1.7, these type parameters are not necessary anymore, as they can be inferred now.
Modified Rules
- The Java rule
LocalVariableCouldBeFinal
(java-codestyle
) has a new propertyignoreForEachDecl
, which is by default disabled. The new property allows for ignoring non-final loop variables in a for-each statement.
Deprecated Rules
- The Java rule
UnsynchronizedStaticDateFormatter
has been deprecated and will be removed with PMD 7.0.0. The rule is replaced by the more generalUnsynchronizedStaticFormatter
.
Fixed Issues
- core
- apex
- java
- java-bestpractices
- java-codestyle
- java-errorprone
- java-multithreading
- #1533: [java] New rule: UnsynchronizedStaticFormatter
- plsql
-
#1507: [plsql] Parse Exception when using ‘ ’ operator in where clause - #1508: [plsql] Parse Exception when using SELECT COUNT(*)
- #1509: [plsql] Parse Exception with OUTER/INNER Joins
- #1511: [plsql] Parse Exception with IS NOT NULL
- #1526: [plsql] ParseException when using TableCollectionExpression
- #1583: [plsql] Update Set Clause should allow multiple columns
- #1586: [plsql] Parse Exception when functions are used with LIKE
- #1588: [plsql] Parse Exception with function calls in WHERE clause
-
API Changes
StatisticalRule
and the related helper classes and base rule classes are deprecated for removal in 7.0.0. This includes all ofnet.sourceforge.pmd.stat
andnet.sourceforge.pmd.lang.rule.stat
, and alsoAbstractStatisticalJavaRule
,AbstractStatisticalApexRule
and the like. The methodsReport#addMetric
andmetricAdded
will also be removed.setProperty
is deprecated, becauseMultiValuePropertyDescriptor
is deprecated as well
External Contributions
- #1503: [java] Fix for ReturnFromFinallyBlock false-positives - RishabhDeep Singh
- #1514: [java] LocalVariableCouldBeFinal: allow excluding the variable in a for-each loop - Kris Scheibe
- #1516: [java] OneDeclarationPerLine: Don’t report multiple variables in a for statement. - Kris Scheibe
- #1520: [java] New rule: ForLoopVariableCount: check the number of control variables in a for loop - Kris Scheibe
- #1521: [java] Upgrade to ASM7 for JDK 11 support - Mark Pritchard
- #1530: [java] New rule: AvoidReassigningLoopVariables - Kris Scheibe
- #1534: [java] This is the change regarding the usediamondoperator #1517 - hemanshu070
- #1545: [doc] fixing dead links + tool to check for dead links automatically - Kris Scheibe
- #1551: [java] InvalidSlf4jMessageFormatRule should not throw NPE for enums - Robbie Martinus
- #1552: [core] Upgrading Google Gson from 2.5 to 2.8.5 - Thunderforge
- #1553: [core] Upgrading System Rules dependency from 1.8.0 to 1.19.0 - Thunderforge
- #1554: [plsql] updates should allow for multiple statements - tashiscool
- #1584: [core] Fixes 1196: inconsistencies of clones returned by different CPD executions for the same files - Bruno Ferreira
09-December-2018 - 6.10.0
The PMD team is pleased to announce PMD 6.10.0.
This is a minor release.
Table Of Contents
New and noteworthy
Kotlin support for CPD
Thanks to Maikel Steneker, CPD now supports Kotlin. This means, you can use CPD to find duplicated code in your Kotlin projects.
New Rules
- The new Java rule
UseUnderscoresInNumericLiterals
(java-codestyle
) verifies that numeric literals over a given length (4 chars by default, but configurable) are using underscores every 3 digits for readability. The rule only applies to Java 7+ codebases.
Modified Rules
-
The Java rule
JUnitTestsShouldIncludeAssert
(java-bestpractices
) now also detects Soft Assertions. -
The property
exceptionfile
of the ruleAvoidDuplicateLiterals
(java-errorprone
) has been deprecated and will be removed with 7.0.0. Please useexceptionList
instead.
Fixed Issues
- all
- #1284: [doc] Keep record of every currently deprecated API
- #1318: [test] Kotlin DSL to ease test writing
- #1328: [ci] Building docs for release fails
- #1341: [doc] Documentation Error with Regex Properties
- #1468: [doc] Missing escaping leads to XSS
- #1471: [core] XMLRenderer: ProcessingErrors from exceptions without a message missing
- #1477: [core] Analysis cache fails with wildcard classpath entries
- java
- #1460: [java] Intermittent PMD failure : PMD processing errors while no violations reported
- java-bestpractices
- java-codestyle
- java-design
- java-errorprone
- #1512: [java] InvalidSlf4jMessageFormatRule causes NPE in lambda and static blocks
- plsql
- #1454: [plsql] ParseException for IF/CASE statement with >=, <=, !=
API Changes
Properties framework
The properties framework is about to get a lifting, and for that reason, we need to deprecate a lot of APIs to remove them in 7.0.0. The proposed changes to the API are described on the wiki
Changes to how you define properties
-
Construction of property descriptors has been possible through builders since 6.0.0. The 7.0.0 API will only allow construction through builders. The builder hierarchy, currently found in the package
net.sourceforge.pmd.properties.builders
, is being replaced by the simplerPropertyBuilder
. Their APIs enjoy a high degree of source compatibility. -
Concrete property classes like
IntegerProperty
andStringMultiProperty
will gradually all be deprecated until 7.0.0. Their usages should be replaced by direct usage of thePropertyDescriptor
interface, e.g.PropertyDescriptor<Integer>
orPropertyDescriptor<List<String>>
. -
Instead of spreading properties across countless classes, the utility class
PropertyFactory
will become from 7.0.0 on the only provider for property descriptor builders. Each current property type will be replaced by a corresponding method onPropertyFactory
:IntegerProperty
is replaced byPropertyFactory#intProperty
IntegerMultiProperty
is replaced byPropertyFactory#intListProperty
FloatProperty
andDoubleProperty
are both replaced byPropertyFactory#doubleProperty
. Having a separate property for floats wasn’t that useful.- Similarly,
FloatMultiProperty
andDoubleMultiProperty
are replaced byPropertyFactory#doubleListProperty
.
- Similarly,
StringProperty
is replaced byPropertyFactory#stringProperty
StringMultiProperty
is replaced byPropertyFactory#stringListProperty
-
RegexProperty
is replaced byPropertyFactory#regexProperty
EnumeratedProperty
is replaced byPropertyFactory#enumProperty
EnumeratedProperty
is replaced byPropertyFactory#enumListProperty
BooleanProperty
is replaced byPropertyFactory#booleanProperty
- Its multi-valued counterpart,
BooleanMultiProperty
, is not replaced, because it doesn’t have a use case.
- Its multi-valued counterpart,
CharacterProperty
is replaced byPropertyFactory#charProperty
CharacterMultiProperty
is replaced byPropertyFactory#charListProperty
LongProperty
is replaced byPropertyFactory#longIntProperty
LongMultiProperty
is replaced byPropertyFactory#longIntListProperty
MethodProperty
,FileProperty
,TypeProperty
and their multi-valued counterparts are discontinued for lack of a use-case, and have no planned replacement in 7.0.0 for now.
Here’s an example:
// Before 7.0.0, these are equivalent:
IntegerProperty myProperty = new IntegerProperty("score", "Top score value", 1, 100, 40, 3.0f);
IntegerProperty myProperty = IntegerProperty.named("score").desc("Top score value").range(1, 100).defaultValue(40).uiOrder(3.0f);
// They both map to the following in 7.0.0
PropertyDescriptor<Integer> myProperty = PropertyFactory.intProperty("score").desc("Top score value").require(inRange(1, 100)).defaultValue(40);
You’re highly encouraged to migrate to using this new API as soon as possible, to ease your migration to 7.0.0.
Architectural simplifications
-
EnumeratedPropertyDescriptor
,NumericPropertyDescriptor
,PackagedPropertyDescriptor
, and the related builders (innet.sourceforge.pmd.properties.builders
) will be removed. These specialized interfaces allowed additional constraints to be enforced on the value of a property, but made the property class hierarchy very large and impractical to maintain. Their functionality will be mapped uniformly toPropertyConstraint
s, which will allow virtually any constraint to be defined, and improve documentation and error reporting. The related methodsPropertyTypeId#isPropertyNumeric
andPropertyTypeId#isPropertyPackaged
are also deprecated. -
MultiValuePropertyDescriptor
andSingleValuePropertyDescriptor
are deprecated. 7.0.0 will introduce a new XML syntax which will remove the need for such a divide between single- and multi-valued properties. The methodPropertyDescriptor#isMultiValue
will be removed accordingly.
Changes to the PropertyDescriptor interface
preferredRowCount
is deprecated with no intended replacement. It was never implemented, and does not belong in this interface. The methodsuiOrder
andcompareTo(PropertyDescriptor)
are deprecated for the same reason. These methods mix presentation logic with business logic and are not necessary for PropertyDescriptors to work.PropertyDescriptor
will not extendComparable<PropertyDescriptor>
anymore come 7.0.0.- The method
propertyErrorFor
is deprecated and will be removed with no intended replacement. It’s really just a shortcut forprop.errorFor(rule.getProperty(prop))
. T
valueFrom(String)
andString
asDelimitedString
(T)
are deprecated and will be removed. These were used to serialize and deserialize properties to/from a string, but 7.0.0 will introduce a more flexible XML syntax which will make them obsolete.isMultiValue
andtype
are deprecated and won’t be replaced. The new XML syntax will remove the need for a divide between multi- and single-value properties, and will allow arbitrary types to be represented. Since arbitrary types may be represented,type
will become obsolete as it can’t represent generic types, which will nevertheless be representable with the XML syntax. It was only used for documentation, but a new way to document these properties exhaustively will be added with 7.0.0.errorFor
is deprecated as its return type will be changed toOptional<String>
with the shift to Java 8.
Deprecated APIs
For internalization
-
The implementation of the adapters for the XPath engines Saxon and Jaxen (package
net.sourceforge.pmd.lang.ast.xpath
) are now deprecated. They’ll be moved to an internal package come 7.0.0. OnlyAttribute
remains public API. -
The classes
PropertyDescriptorField
,PropertyDescriptorBuilderConversionWrapper
, and the methodsPropertyDescriptor#attributeValuesById
,PropertyDescriptor#isDefinedExternally
andPropertyTypeId#getFactory
. These were used to read and write properties to and from XML, but were not intended as public API. -
The class
ValueParserConstants
and the interfaceValueParser
. -
All classes from
net.sourceforge.pmd.lang.java.metrics.impl.visitors
are now considered internal API. They’re deprecated and will be moved into an internal package with 7.0.0. To implement your own metrics visitors,JavaParserVisitorAdapter
should be directly subclassed. -
LanguageVersionHandler#getDataFlowHandler()
,LanguageVersionHandler#getDFAGraphRule()
For removal
-
All classes from
net.sourceforge.pmd.properties.modules
will be removed. -
The interface
Dimensionable
has been deprecated. It gets in the way of a grammar change for 7.0.0 and won’t be needed anymore (see #997). -
Several methods from
ASTLocalVariableDeclaration
andASTFieldDeclaration
have also been deprecated:-
ASTFieldDeclaration
won’t be aTypeNode
come 7.0.0, sogetType
andgetTypeDefinition
are deprecated. -
The method
getVariableName
on those two nodes will be removed, too.
All these are deprecated because those nodes may declare several variables at once, possibly with different types (and obviously with different names). They both implement
Iterator<
ASTVariableDeclaratorId
>
though, so you should iterate on each declared variable. See #910. -
-
Visitor decorators are now deprecated and will be removed in PMD 7.0.0. They were originally a way to write composable visitors, used in the metrics framework, but they didn’t prove cost-effective.
- In
net.sourceforge.pmd.lang.java.ast
:JavaParserDecoratedVisitor
,JavaParserControllessVisitor
,JavaParserControllessVisitorAdapter
, andJavaParserVisitorDecorator
are deprecated with no intended replacement.
- In
-
The LanguageModules of several languages, that only support CPD execution, have been deprecated. These languages are not fully supported by PMD, so having a language module does not make sense. The functionality of CPD is not affected by this change. The following classes have been deprecated and will be removed with PMD 7.0.0:
CppHandler
CppLanguageModule
CppParser
CsLanguageModule
FortranLanguageModule
GroovyLanguageModule
MatlabHandler
MatlabLanguageModule
MatlabParser
ObjectiveCHandler
ObjectiveCLanguageModule
ObjectiveCParser
PhpLanguageModule
PythonHandler
PythonLanguageModule
PythonParser
RubyLanguageModule
ScalaLanguageModule
SwiftLanguageModule
-
Optional AST processing stages like symbol table, type resolution or data-flow analysis will be reified in 7.0.0 to factorise common logic and make them extensible. Further explanations about this change can be found on #1426. Consequently, the following APIs are deprecated for removal:
- In
Rule
:isDfa()
,isTypeResolution()
,isMultifile()
and their respective setters. - In
RuleSet
:usesDFA(Language)
,usesTypeResolution(Language)
,usesMultifile(Language)
- In
RuleSets
:usesDFA(Language)
,usesTypeResolution(Language)
,usesMultifile(Language)
- In
LanguageVersionHandler
:getDataFlowFacade()
,getSymbolFacade()
,getSymbolFacade(ClassLoader)
,getTypeResolutionFacade(ClassLoader)
,getQualifiedNameResolutionFacade(ClassLoader)
- In
External Contributions
- #1384: [java] New Rule - UseUnderscoresInNumericLiterals - RajeshR
- #1424: [doc] #1341 Updating Regex Values in default Value Property - avishvat
- #1428: [core] Upgrading JCommander from 1.48 to 1.72 - Thunderforge
- #1430: [doc] Who really knows regex? - Dem Pilafian
- #1434: [java] JUnitTestsShouldIncludeAssert: Recognize AssertJ soft assertions as valid assert statements - Loïc Ledoyen
- #1439: [java] Avoid FileInputStream and FileOutputStream - reudismam
- #1441: [kotlin] [cpd] Added CPD support for Kotlin - Maikel Steneker
- #1447: [fortran] Use diamond operator in impl - reudismam
- #1453: [java] Adding the fix for #1440. Showing correct message for CommentDefaultAccessmodifier. - Rohit Kumar
- #1457: [java] Adding test for Issue #647 - orimarko
- #1464: [doc] Fix XSS on documentation web page - Maxime Robert
- #1469: [core] Configurable max loops in DAAPathFinder - Alberto Fernández
- #1494: [java] 1151: Rephrase ImmutableField documentation in design.xml - Robbie Martinus
- #1504: [java] NPE in InvalidSlf4jMessageFormatRule if a logger call with a variable as parameter is not inside a method or constructor - kris-scheibe
28-October-2018 - 6.9.0
The PMD team is pleased to announce PMD 6.9.0.
This is a minor release.
Table Of Contents
New and noteworthy
Improved Golang CPD Support
Thanks to the work of ITBA students Matías Fraga, Tomi De Lucca and Lucas Soncini, Golang is now backed by a proper Antlr Grammar. This means CPD is now better at detecting duplicates, as comments are recognized as such and ignored.
New Rules
- The new PLSQL rule
CodeFormat
(plsql-codestyle
) verifies that PLSQL code is properly formatted. It checks e.g. for correct indentation in select statements and verifies that each parameter is defined on a separate line.
Fixed Issues
- all
- #649: [core] Exclude specific files from command line
- #1272: [core] Could not find or load main class when using symlinked run.sh
- #1377: [core] LanguageRegistry uses default class loader when invoking ServiceLocator
- #1394: [doc] How to configure “-cache
" - #1412: [doc] Broken link to adding new cpd language documentation
- apex
- #1396: [apex] ClassCastException caused by Javadoc
- java
- #1330: [java] PMD crashes with java.lang.ClassFormatError: Absent Code attribute in method that is not native or abstract in class file javax/xml/ws/Service
- java-bestpractices
- #1202: [java] GuardLogStatement: “There is log block not surrounded by if” doesn’t sound right
- #1209: [java] UnusedImports false positive for static import with package-private method usage
- #1343: [java] Update CommentDefaultAccessModifierRule to extend AbstractIgnoredAnnotationRule
- #1365: [java] JUnitTestsShouldIncludeAssert false positive
- #1404: [java] UnusedImports false positive with static ondemand import with method call
- java-codestyle
- java-design
- #1369: [java] Processing error (ClassCastException) if a TYPE_USE annotation is used on a base class in the “extends” clause
- jsp
- #1402: [jsp] JspTokenManager has a problem about jsp scriptlet
- documentation
- #1349: [doc] Provide some explanation for WHY duplicate code is bad, like mutations
API Changes
- PMD has a new CLI option
-ignorelist
. With that, you can provide a file containing a comma-delimit list of files, that should be excluded during analysis. The ignorelist is applied after the files have been selected via-dir
or-filelist
, which means, if the file is in both lists, then it will be ignored. Note: there is no corresponding option for the Ant task, since the feature is already available via Ant’s FileSet include/exclude filters.
External Contributions
- #1338: [core] [cpd] Generalize ANTLR tokens preparing support for ANTLR token filter - Matías Fraga and Tomi De Lucca
- #1361: [doc] Update cpd.md with information about risks - David M. Karr
- #1366: [java] Static Modifier on Internal Interface pmd #1356 - avishvat
- #1368: [doc] Updated outdated note in the building documentation. - Maikel Steneker
- #1374: [java] Simplify check for ‘Test’ annotation in JUnitTestsShouldIncludeAssertRule. - Will Winder
- #1375: [java] Add missing null check AbstractJavaAnnotatableNode - Will Winder
- #1376: [all] Upgrading Apache Commons IO from 2.4 to 2.6 - Thunderforge
- #1378: [all] Upgrading Apache Commons Lang 3 from 3.7 to 3.8.1 - Thunderforge
- #1382: [all] Replacing deprecated IO methods with ones that specify a charset - Thunderforge
- #1383: [java] Improved message for GuardLogStatement rule - Felix Lampe
- #1386: [go] [cpd] Add CPD support for Antlr based grammar on Golang - Matías Fraga
- #1398: [all] Upgrading SLF4J from 1.7.12 to 1.7.25 - Thunderforge
- #1400: [java] Fix Issue 1343: Update CommentDefaultAccessModifierRule - CrazyUnderdog
- #1401: [all] Replacing IOUtils.closeQuietly(foo) with try-with-resources statements - Thunderforge
- #1406: [jsp] Fix issue 1402: JspTokenManager has a problem about jsp scriptlet - JustPRV
- #1411: [core] Add ignore file path functionality - Jon Moroney
- #1414: [doc] Fix broken link. Fixes #1412 - Johan Hammar
30-September-2018 - 6.8.0
The PMD team is pleased to announce PMD 6.8.0.
This is a minor release.
Table Of Contents
New and noteworthy
Drawing a line between private and public API
Until now, all released public members and types were implicitly considered part of PMD’s public API, including inheritance-specific members (protected members, abstract methods). We have maintained those APIs with the goal to preserve full binary compatibility between minor releases, only breaking those APIs infrequently, for major releases.
In order to allow PMD to move forward at a faster pace, this implicit contract will be invalidated with PMD 7.0.0. We now introduce more fine-grained distinctions between the type of compatibility support we guarantee for our libraries, and ways to make them explicit to clients of PMD.
.internal
packages and @InternalApi
annotation
Internal API is meant for use only by the main PMD codebase. Internal types and methods may be modified in any way, or even removed, at any time.
Any API in a package that contains an .internal
segment is considered internal.
The @InternalApi
annotation will be used for APIs that have to live outside of
these packages, e.g. methods of a public type that shouldn’t be used outside of PMD (again,
these can be removed anytime).
@ReservedSubclassing
Types marked with the @ReservedSubclassing
annotation are only meant to be subclassed
by classes within PMD. As such, we may add new abstract methods, or remove protected methods,
at any time. All published public members remain supported. The annotation is not inherited, which
means a reserved interface doesn’t prevent its implementors to be subclassed.
@Experimental
APIs marked with the @Experimental
annotation at the class or method level are subject to change.
They can be modified in any way, or even removed, at any time. You should not use or rely
on them in any production code. They are purely to allow broad testing and feedback.
@Deprecated
APIs marked with the @Deprecated
annotation at the class or method level will remain supported
until the next major release but it is recommended to stop using them.
The transition
All currently supported APIs will remain so until 7.0.0. All APIs that are to be moved to
.internal
packages or hidden will be tagged @InternalApi
before that major release, and
the breaking API changes will be performed in 7.0.0.
Quickstart Ruleset
PMD 6.8.0 provides a first quickstart ruleset for Java, which you can use as a base ruleset to get your
custom ruleset started. You can reference it with rulesets/java/quickstart.xml
.
You are strongly encouraged to create your own ruleset
though.
The quickstart ruleset has the intention, to be useful out-of-the-box for many projects. Therefore it references only rules, that are most likely to apply everywhere.
Any feedback would be greatly appreciated.
New Rules
- The new Apex rule
ApexDoc
(apex-documentation
) enforces the inclusion of ApexDoc on classes, interfaces, properties and methods; as well as some sanity rules for such docs (no missing parameters, parameters’ order, and return value). By default, method overrides and test classes are allowed to not include ApexDoc.
Modified Rules
- The rule
MissingSerialVersionUID
(java-errorprone
) has been modified in order to recognize also missingserialVersionUID
fields in abstract classes, if they are serializable. Each individual class in the inheritance chain needs an own serialVersionUID field. See also Should an abstract class have a serialVersionUID. This change might lead to additional violations in existing code bases.
PLSQL
The grammar for PLSQL has been revamped in order to fully parse SELECT INTO
, UPDATE
, and DELETE
statements. Previously such statements have been simply skipped ahead, now PMD is parsing them, giving access
to the individual parts of a SELECT-statement, such as the Where-Clause. This might produce new parsing errors
where PMD previously could successfully parse PLSQL code. If this happens, please report a new issue to get this problem fixed.
Fixed Issues
- apex-bestpractices
- #1348: [apex] AvoidGlobalModifierRule gives warning even when its a webservice - false positive
- java-codestyle
- java-errorprone
- java-performance
- #1325: [java] False positive in ConsecutiveLiteralAppends
- plsql
- #1279: [plsql] Support for SELECT INTO
API Changes
-
A couple of methods and fields in
net.sourceforge.pmd.properties.AbstractPropertySource
have been deprecated, as they are replaced by already existing functionality or expose internal implementation details:propertyDescriptors
,propertyValuesByDescriptor
,copyPropertyDescriptors()
,copyPropertyValues()
,ignoredProperties()
,usesDefaultValues()
,useDefaultValueFor()
. -
Some methods in
net.sourceforge.pmd.properties.PropertySource
have been deprecated as well:usesDefaultValues()
,useDefaultValueFor()
,ignoredProperties()
. -
The class
net.sourceforge.pmd.lang.rule.AbstractDelegateRule
has been deprecated and will be removed with PMD 7.0.0. It is internally only in use by RuleReference. -
The default constructor of
net.sourceforge.pmd.lang.rule.RuleReference
has been deprecated and will be removed with PMD 7.0.0. RuleReferences should only be created by providing a Rule and a RuleSetReference. Furthermore the following methods are deprecated:setRuleReference()
,hasOverriddenProperty()
,usesDefaultValues()
,useDefaultValueFor()
.
External Contributions
- #1309: [core] [CPD] Decouple Antlr Tokenizer implementation from any CPD language supported with Antlr - Matías Fraga
- #1314: [apex] Add validation of ApexDoc comments - Jeff Hube
- #1339: [ci] Improve danger message - BBG
- #1340: [java] Derive correct classname for non-public non-classes - kris-scheibe
- #1357: [doc] Improve Codacy description - Daniel Reigada
02-September-2018 - 6.7.0
The PMD team is pleased to announce PMD 6.7.0.
This is a minor release.
Table Of Contents
New and noteworthy
Modified Rules
- The Java rule
OneDeclarationPerLine
(java-bestpractices
) has been revamped to consider not only local variable declarations, but field declarations too.
New Rules
-
The new Java rule
LinguisticNaming
(java-codestyle
) detects cases, when a method name indicates it returns a boolean (such asisSmall()
) but it doesn’t. Besides method names, the rule also checks field and variable names. It also checks, that getters return something but setters won’t. The rule has several properties with which it can be customized. -
The new PL/SQL rule
ForLoopNaming
(plsql-codestyle
) enforces a naming convention for “for loops”. Both “cursor for loops” and “index for loops” are covered. The rule can be customized via patterns. By default, short variable names are reported. -
The new Java rule
FieldNamingConventions
(java-codestyle
) detects field names that don’t comply to a given convention. It defaults to standard Java convention of using camelCase, but can be configured with ease for e.g. constants or static fields. -
The new Apex rule
OneDeclarationPerLine
(apex-codestyle
) enforces declaring a single field / variable per line; or per statement if thestrictMode
property is set. It’s an Apex equivalent of the already existing Java rule of the same name.
Deprecated Rules
- The Java rules
VariableNamingConventions
(java-codestyle),MIsLeadingVariableName
(java-codestyle),SuspiciousConstantFieldName
(java-codestyle), andAvoidPrefixingMethodParameters
(java-codestyle) are now deprecated, and will be removed with version 7.0.0. They are replaced by the more generalFieldNamingConventions
,FormalParameterNamingConventions
, andLocalVariableNamingConventions
.
Fixed Issues
- core
- #1191: [core] Test Framework: Sort violations by line/column
- #1283: [core] Deprecate ReportTree
- #1288: [core] No supported build listeners found with Gradle
- #1300: [core] PMD stops processing file completely, if one rule in a rule chain fails
- #1317: [ci] Coveralls hasn’t built the project since June 25th
- java-bestpractices
- java-codestyle
- java-errorprone
- #1078: [java] MissingSerialVersionUID rule does not seem to catch inherited classes
- java-performance
- jsp
- plsql
- #681: [plsql] Parse error with Cursor For Loop
API Changes
-
All classes in the package
net.sourceforge.pmd.lang.dfa.report
have been deprecated and will be removed with PMD 7.0.0. This includes the classnet.sourceforge.pmd.lang.dfa.report.ReportTree
. The reason is, that this class is very specific to Java and not suitable for other languages. It has only been used forYAHTMLRenderer
, which has been rewritten to work without these classes. -
The nodes RUNSIGNEDSHIFT and RSIGNEDSHIFT are deprecated and will be removed from the AST with PMD 7.0.0. These represented the operator of ShiftExpression in two cases out of three, but they’re not needed and make ShiftExpression inconsistent. The operator of a ShiftExpression is now accessible through ShiftExpression#getOperator.
External Contributions
- #109: [java] Add two linguistics rules under naming - Arda Aslan
- #1254: [ci] [GSoC] Integrating the danger and pmdtester to travis CI - BBG
- #1258: [java] Use typeof in MissingSerialVersionUID - krichter722
- #1264: [cpp] Fix NullPointerException in CPPTokenizer:99 - Rafael Cortês
- #1277: [jsp] #1276 add support for jspf and tag extensions - Jordi Llach
- #1275: [jsp] Issue #1274 - Support EL in tag attributes - Jordi Llach
- #1278: [ci] [GSoC] Use pmdtester 1.0.0.pre.beta3 - BBG
- #1289: [java] UselessParentheses: Fix false positive with assignments - cobratbq
- #1290: [docs] [GSoC] Create the documentation about pmdtester - BBG
- #1256: [java] #940 Avoid JUnit 4 false positives for JUnit 5 tests - Alex Shesterov
- #1315: [apex] Add OneDeclarationPerStatement rule - Jeff Hube
29-July-2018 - 6.6.0
The PMD team is pleased to announce PMD 6.6.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 11 Support
PMD is now able to parse the local-variable declaration syntax var xxx
, that has been
extended for lambda parameters with Java 11 via
JEP 323: Local-Variable Syntax for Lambda Parameters.
New Rules
-
The new Java rule
LocalVariableNamingConventions
(java-codestyle
) detects local variable names that don’t comply to a given convention. It defaults to standard Java convention of using camelCase, but can be configured. Special cases can be configured for final variables and caught exceptions’ names. -
The new Java rule
FormalParameterNamingConventions
(java-codestyle
) detects formal parameter names that don’t comply to a given convention. It defaults to standard Java convention of using camelCase, but can be configured. Special cases can be configured for final parameters and lambda parameters (considering whether they are explicitly typed or not).
Modified Rules
- The Java rules
AccessorClassGeneration
andAccessorMethodGeneration
(both in categoryjava-bestpractices
) have been modified to be only valid up until Java 10. Java 11 adds support for JEP 181: Nest-Based Access Control which avoids the generation of accessor classes / methods altogether.
Fixed Issues
- core
- doc
- #1215: [doc] TOC links don’t work?
- java-codestyle
- java-design
- plsql
- ui
- #1233: [ui] XPath autocomplete arrows on first and last items
API Changes
- The
findDescendantsOfType
methods innet.sourceforge.pmd.lang.ast.AbstractNode
no longer search for exact type matches, but will match subclasses, too. That means, it’s now possible to look for abstract node types such asAbstractJavaTypeNode
and not only for it’s concrete subtypes.
External Contributions
- #1182: [ui] XPath AutoComplete - Akshat Bahety
- #1231: [doc] Minor typo fix in installation.md - Ashish Rana
- #1250: [ci] [GSoC] Upload baseline of pmdtester automatically - BBG
26-June-2018 - 6.5.0
The PMD team is pleased to announce PMD 6.5.0.
This is a minor release.
Table Of Contents
New and noteworthy
New Rules
- The new Apex rule
AvoidNonExistentAnnotations
(apex-errorprone
) detects usages non-officially supported annotations. Apex supported non existent annotations for legacy reasons. In the future, use of such non-existent annotations could result in broken Apex code that will not compile. A full list of supported annotations can be found here
Modified Rules
- The Java rule UnnecessaryModifier (
java-codestyle
) now detects enum constrcutors with explicitprivate
modifier. The rule now produces better error messages letting you know exactly which modifiers are redundant at each declaration.
Fixed Issues
- all
- ecmascript
- #861: [ecmascript] InnaccurateNumericLiteral false positive with hex literals
- java
- java-bestpractices
- java-codestyle
- java-design
- #1200: [java] New default NcssCount method report level is drastically reduced from values of deprecated NcssMethodCount and NcssTypeCount
- xml
- #715: [xml] ProjectVersionAsDependencyVersion false positive
API Changes
-
The utility class
net.sourceforge.pmd.lang.java.ast.CommentUtil
has been deprecated and will be removed with PMD 7.0.0. Its methods have been intended to parse javadoc tags. A more useful solution will be added around the AST nodeFormalComment
, which contains as childrenJavadocElement
nodes, which in turn provide access to theJavadocTag
.All comment AST nodes (
FormalComment
,MultiLineComment
,SingleLineComment
) have a new methodgetFilteredComment()
which provide access to the comment text without the leading/*
markers. -
The method
AbstractCommentRule.tagsIndicesIn()
has been deprecated and will be removed with PMD 7.0.0. It is not very useful, since it doesn’t extract the information in a useful way. You would still need check, which tags have been found, and with which data they might be accompanied.
External Contributions
- #836: [apex] Add a rule to prevent use of non-existent annotations - anand13s
- #1159: [ui] Allow to setup the auxclasspath in the designer - Akshat Bahety
- #1169: [core] Update stylesheets with a default namespace - Matthew Duggan
- #1183: [java] fixed typos in rule remediation - Jake Hemmerle
- #1206: [java] Recommend StringBuilder next to StringBuffer - krichter722
29-May-2018 - 6.4.0
The PMD team is pleased to announce PMD 6.4.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 10 Support
PMD is now able to understand local-variable type inference as introduced by Java 10.
Simple type resolution features are available, e.g. the type of the variable s
is inferred
correctly as String
:
var s = "Java 10";
XPath Type Resolution Functions
For some time now PMD has supported Type Resolution, and exposed this functionality to XPath rules for the Java language
with the typeof
function. This function however had a number of shortcomings:
- It would take a first arg with the name to match if types couldn’t be resolved. In all cases this was
@Image
but was still required. - It required 2 separate arguments for the Fully Qualified Class Name and the simple name of the class against which to test.
- If only the Fully Qualified Class Name was provided, no simple name check was performed (not documented, but abused on some rules to “fix” some false positives).
In this release we are deprecating typeof
in favor of a simpler typeIs
function, which behaves exactly as the
old typeof
when given all 3 arguments.
typeIs
receives a single parameter, which is the fully qualified name of the class to test against.
So, calls such as:
//ClassOrInterfaceType[typeof(@Image, 'junit.framework.TestCase', 'TestCase')]
can now we expressed much more concisely as:
//ClassOrInterfaceType[typeIs('junit.framework.TestCase')]
With this change, we also allow to check against array types by just appending []
to the fully qualified class name.
These can be repeated for arrays of arrays (e.g. byte[][]
or java.lang.String[]
).
Additionally, we introduce the companion function typeIsExactly
, that receives the same parameters as typeIs
,
but checks for exact type matches, without considering the type hierarchy. That is, the test
typeIsExactly('junit.framework.TestCase')
will match only if the context node is an instance of TestCase
, but
not if it’s an instance of a subclass of TestCase
. Be aware then, that using that method with abstract types will
never match.
New Rules
-
The new Java rule
HardCodedCryptoKey
(java-security
) detects hard coded keys used for encryption. It is recommended to store keys outside of the source code. -
The new Java rule
IdenticalCatchBranches
(java-codestyle
) finds catch blocks, that catch different exception but perform the same exception handling and thus can be collapsed into a multi-catch try statement.
Modified Rules
-
The Java rule JUnit4TestShouldUseTestAnnotation (
java-bestpractices
) has a new parameter “testClassPattern”. It is used to distinguish test classes from other classes and avoid false positives. By default, any class, that has “Test” in its name, is considered a test class. -
The Java rule CommentDefaultAccessModifier (
java-codestyle
) allows now by default the comment “/* package */
in addition to “/* default */
. This behavior can still be adjusted by setting the propertyregex
.
Fixed Issues
- all
- java
- #672: [java] Support exact type matches for type resolution from XPath
- #743: [java] Prepare for Java 10
- #1077: [java] Analyzing enum with lambda passed in constructor fails with “The enclosing scope must exist.”
- #1115: [java] Simplify xpath typeof syntax
- #1131: [java] java.lang.ClassFormatError: Absent Code attribute in method that is not native or abstract in class file javax/faces/application/FacesMessage$Severity
- java-bestpractices
- java-codestyle
- #720: [java] ShortVariable should whitelist lambdas
- #955: [java] Detect identical catch statements
- #1114: [java] Star import overwritten by explicit import is not correctly handled
- #1064: [java] ClassNamingConventions suggests to add Util suffix for simple exception wrappers
- #1065: [java] ClassNamingConventions shouldn’t prohibit numbers in class names
- #1067: [java] [6.3.0] PrematureDeclaration false-positive
- #1096: [java] ClassNamingConventions is too ambitious on finding utility classes
- java-design
- java-performance
- doc
- vf-security
- #1100: [vf] URLENCODE is ignored as valid escape method
API Changes
- The following classes in package
net.sourceforge.pmd.benchmark
have been deprecated:Benchmark
,Benchmarker
,BenchmarkReport
,BenchmarkResult
,RuleDuration
,StringBuilderCR
andTextReport
. Their API is not supported anymore and is disconnected from the internals of PMD. Use the newer API based aroundTimeTracker
instead, which can be found in the same package. - The class
net.sourceforge.pmd.lang.java.xpath.TypeOfFunction
has been deprecated. Use the newerTypeIsFunction
in the same package. - The
typeof
methdos innet.sourceforge.pmd.lang.java.xpath.JavaFunctions
have been deprecated. Use the newertypeIs
method in the same class instead.. - The methods
isA
,isEither
andisNeither
ofnet.sourceforge.pmd.lang.java.typeresolution.TypeHelper
. Use the newisExactlyAny
andisExactlyNone
methods in the same class instead.
External Contributions
- #966: [java] Issue #955: add new rule to detect identical catch statement - Clément Fournier and BBG
- #1046: [java] New security rule for finding hard-coded keys used for cryptographic operations - Sergey Gorbaty
- #1101: [java] Fixes false positive for
DoNotExtendJavaLangError
- Akshat Bahety - #1106: [vf] URLENCODE is ignored as valid escape method - Robert Sösemann
- #1126: [java] Improve implementation hint in InefficientEmptyStringCheck - krichter722
- #1129: [java] Adjust InefficientEmptyStringCheck documentation - krichter722
- #1137: [ui] Removes the need for RefreshAST - Akshat Bahety
29-April-2018 - 6.3.0
The PMD team is pleased to announce PMD 6.3.0.
This is a minor release.
Table Of Contents
New and noteworthy
Tree Traversal Revision
As described in #904, when searching for child nodes of the AST methods
such as hasDescendantOfType
, getFirstDescendantOfType
and findDescendantsOfType
were found to behave inconsistently,
not all of them honoring find boundaries; that is, nodes that define a self-contained entity which should be considered separately
(think of lambdas, nested classes, anonymous classes, etc.). We have modified these methods to ensure all of them honor
find boundaries.
This change implies several false positives / unexpected results
(ie: ASTBlockStatement
falsely returning true
to isAllocation()
)
have been fixed; and lots of searches are now restricted to smaller search areas, which improves performance
(depending on the project, we have measured up to 10% improvements during Type Resolution, Symbol Table analysis,
and some rules’ application).
Naming Rules Enhancements
-
ClassNamingConventions (
java-codestyle
) has been enhanced to allow granular configuration of naming conventions for different kinds of type declarations (eg enum or abstract class). Each kind of declaration can use its own naming convention using a regex property. See the rule’s documentation for more info about configuration and default conventions. -
MethodNamingConventions (
java-codestyle
) has been enhanced in the same way.
CPD Suppression
Back in PMD 5.6.0 we introduced the ability to suppress CPD warnings in Java using comments, by
including CPD-OFF
(to start ignoring code), or CPD-ON
(to resume analysis) during CPD execution.
This has proved to be much more flexible and versatile than the old annotation-based approach,
and has since been the preferred way to suppress CPD warnings.
On this occasion, we are extending support for comment-based suppressions to many other languages:
- C/C++
- Ecmascript / Javascript
- Matlab
- Objective-C
- PL/SQL
- Python
So for instance, in Python we could now do:
class BaseHandler(object):
def __init__(self):
# some unignored code
# tell cpd to start ignoring code - CPD-OFF
# mission critical code, manually loop unroll
GoDoSomethingAwesome(x + x / 2);
GoDoSomethingAwesome(x + x / 2);
GoDoSomethingAwesome(x + x / 2);
GoDoSomethingAwesome(x + x / 2);
GoDoSomethingAwesome(x + x / 2);
GoDoSomethingAwesome(x + x / 2);
# resume CPD analysis - CPD-ON
# further code will *not* be ignored
Other languages are equivalent.
Swift 4.1 Support
Thanks to major contributions from kenji21 the Swift grammar has been updated to support Swift 4.1. This is a major update, since the old grammar was quite dated, and we are sure all iOS developers will enjoy it.
Unfortunately, this change is not compatible. The grammar elements that have been removed (ie: the keywords __FILE__
,
__LINE__
, __COLUMN__
and __FUNCTION__
) are no longer supported. We don’t usually introduce such
drastic / breaking changes in minor releases, however, given that the whole Swift ecosystem pushes hard towards
always using the latest versions, and that Swift needs all code and libraries to be currently compiling against
the same Swift version, we felt strongly this change was both safe and necessary to be shipped as soon as possible.
We had great feedback from the community during the process but if you have a legitimate use case for older Swift
versions, please let us know on our Issue Tracker.
New Rules
- The new Java rule InsecureCryptoIv (
java-security
) detects hard coded initialization vectors used in cryptographic operations. It is recommended to use a randomly generated IV.
Modified Rules
-
The Java rule UnnecessaryConstructor (
java-codestyle
) has been rewritten as a Java rule (previously it was a XPath-based rule). It supports a new propertyignoredAnnotations
and ignores by default empty constructors, that are annotated withjavax.inject.Inject
. Additionally, it detects now also unnecessary private constructors in enums. -
The property
checkNativeMethods
of the Java rule MethodNamingConventions (java-codestyle
) is now deprecated, as it is now superseded bynativePattern
. Support for that property will be maintained until 7.0.0. -
The Java rule ControlStatementBraces (
java-codestyle
) supports a new boolean propertycheckSingleIfStmt
. When unset, the rule won’t reportif
statements which lack braces, if the statement is not part of anif ... else if
chain. This property defaults to true.
Deprecated Rules
- The Java rule AbstractNaming (
java-codestyle
) is deprecated in favour of ClassNamingConventions. See Naming rules enhancements.
Fixed Issues
- all
- apex-errorprone
- #776: [apex] AvoidHardcodingId false positives
- documentation
- java
- #894: [java] Maven PMD plugin fails to process some files without any explanation
- #899: [java] JavaTypeDefinitionSimple.toString can cause NPEs
- #1020: [java] The CyclomaticComplexity rule runs forever in 6.2.0
- #1030: [java] NoClassDefFoundError when analyzing PMD with PMD
- #1061: [java] Update ASM to handle Java 10 bytecode
- java-bestpractices
- java-codestyle
- java-design
- #1056: [java] Property ignoredAnnotations does not work for SingularField and ImmutableField
- java-errorprone
- java-performance
- #586: [java] AvoidUsingShortType erroneously triggered on overrides of 3rd party methods
- swift
- #678: [swift][cpd] Exception when running for Swift 4 code (KeyPath)
External Contributions
- #778: [swift] Support Swift 4 grammar - kenji21
- #1002: [doc] Delete duplicate page contributing.md on the website - Ishan Srivastava
- #1008: [core] DOC: fix closing tag for <pmdVersion> - stonio
- #1010: [java] UnnecessaryConstructor triggered on required empty constructor (Dagger @Inject) - BBG
- #1012: [java] JUnitAssertionsShouldIncludeMessage - False positive with assertEquals and JUnit5 - BBG
- #1024: [java] Issue 558: Properlogger for enums - Utku Cuhadaroglu
- #1041: [java] Make BasicProjectMemoizer thread safe. - bergander
- #1042: [java] New security rule: report usage of hard coded IV in crypto operations - Sergey Gorbaty
- #1044: [java] Fix for issue #816 - Akshat Bahety
- #1048: [core] Make MultiThreadProcessor more space efficient - Gonzalo Exequiel Ibars Ingman
- #1062: [core] Update ASM to version 6.1.1 - Austin Shalit
26-March-2018 - 6.2.0
The PMD team is pleased to announce PMD 6.2.0.
This is a minor release.
Table Of Contents
New and noteworthy
Ecmascript (JavaScript)
The Rhino Library has been upgraded from version 1.7.7 to version 1.7.7.2.
Detailed changes for changed in Rhino can be found:
Both are bugfixing releases.
Disable Incremental Analysis
Some time ago, we added support for Incremental Analysis. On PMD 6.0.0, we started to add warns when not using it, as we strongly believe it’s a great improvement to our user’s experience as analysis time is greatly reduced; and in the future we plan to have it enabled by default. However, we realize some scenarios don’t benefit from it (ie: CI jobs), and having the warning logged can be noisy and cause confusion.
To this end, we have added a new flag to allow you to explicitly disable incremental analysis. On CLI, this is
the new -no-cache
flag. On Ant, there is a noCache
attribute for the <pmd>
task.
On both scenarios, disabling the cache takes precedence over setting a cache location.
New Rules
-
The new Java rule
MissingOverride
(categorybestpractices
) detects overridden and implemented methods, which are not marked with the@Override
annotation. Annotating overridden methods with@Override
ensures at compile time that the method really overrides one, which helps refactoring and clarifies intent. -
The new Java rule
UnnecessaryAnnotationValueElement
(categorycodestyle
) detects annotations with a single element (value
) that explicitely names it. That is, doing@SuppressWarnings(value = "unchecked")
would be flagged in favor of@SuppressWarnings("unchecked")
. -
The new Java rule
ControlStatementBraces
(categorycodestyle
) enforces the presence of braces on control statements where they are optional. Properties allow to customize which statements are required to have braces. This rule replaces the now deprecated rulesWhileLoopMustUseBraces
,ForLoopMustUseBraces
,IfStmtMustUseBraces
, andIfElseStmtMustUseBraces
. More than covering the use cases of those rules, this rule also supportsdo ... while
statements andcase
labels ofswitch
statements (disabled by default).
Modified Rules
-
The Java rule
CommentContentRule
(java-documentation
) previously had the propertywordsAreRegex
. But this property never had been implemented and is removed now. -
The Java rule
UnusedPrivateField
(java-bestpractices
) now has a newignoredAnnotations
property that allows to configure annotations that imply the field should be ignored. By default@java.lang.Deprecated
and@javafx.fxml.FXML
are ignored. -
The Java rule
UnusedPrivateMethod
(java-bestpractices
) now has a newignoredAnnotations
property that allows to configure annotations that imply the method should be ignored. By default@java.lang.Deprecated
is ignored. -
The Java rule
ImmutableField
(java-design
) now has a newignoredAnnotations
property that allows to configure annotations that imply the method should be ignored. By default severallombok
annotations are ignored -
The Java rule
SingularField
(java-design
) now has a newignoredAnnotations
property that allows to configure annotations that imply the method should be ignored. By default severallombok
annotations are ignored
Deprecated Rules
- The Java rules
WhileLoopMustUseBraces
,ForLoopMustUseBraces
,IfStmtMustUseBraces
, andIfElseStmtMustUseBraces
are deprecated. They will be replaced by the new ruleControlStatementBraces
, in the categorycodestyle
.
Fixed Issues
- all
- #928: [core] PMD build failure on Windows
- java-bestpracrtices
- java-codestyle
- java-design
- #832: [java] AvoidThrowingNullPointerException documentation suggestion
- #837: [java] CFGs of declared but not called lambdas are treated as parts of an enclosing method’s CFG
- #839: [java] SignatureDeclareThrowsException’s IgnoreJUnitCompletely property not honored for constructors
- #968: [java] UseUtilityClassRule reports false positive with lombok NoArgsConstructor
- documentation
API Changes
-
A new CLI switch,
-no-cache
, disables incremental analysis and the related suggestion. This overrides the-cache
option. The corresponding Ant task parameter isnoCache
. -
The static method
PMDParameters.transformParametersIntoConfiguration(PMDParameters)
is now deprecated, for removal in 7.0.0. The new instance methodPMDParameters.toConfiguration()
replaces it. -
The method
ASTConstructorDeclaration.getParameters()
has been deprecated in favor of the new methodgetFormalParameters()
. This method is available for bothASTConstructorDeclaration
andASTMethodDeclaration
.
External Contributions
- #941: [java] Use char notation to represent a character to improve performance - reudismam
- #943: [java] UnusedPrivateField false-positive with @FXML - BBG
- #951: [java] Add ignoredAnnotations property to unusedPrivateMethod rule - BBG
- #952: [java] SignatureDeclareThrowsException’s IgnoreJUnitCompletely property not honored for constructors - BBG
- #958: [java] Refactor how we ignore annotated elements in rules - BBG
- #965: [java] Make Varargs trigger ArrayIsStoredDirectly - Stephen
- #967: [doc] Issue 959: fixed broken link to XPath Rule Tutorial - Andrey Mochalov
- #969: [java] Issue 968 Add logic to handle lombok private constructors with utility classes - Kirk Clemens
- #970: [java] Fixed inefficient use of keySet iterator instead of entrySet iterator - Andrey Mochalov
- #984: [java] issue983 Add new UnnecessaryAnnotationValueElement rule - Kirk Clemens
- #989: [core] Update Contribute.md to close Issue #978 - Bolarinwa Saheed Olayemi
- #990: [java] Updated Doc on AvoidThrowingNullPointerException to close Issue #832 - Bolarinwa Saheed Olayemi
- #993: [core] Update writing_documentation.md to fix Issue #992 - Bolarinwa Saheed Olayemi
25-February-2018 - 6.1.0
The PMD team is pleased to announce PMD 6.1.0.
This is a minor release.
Table Of Contents
- New and noteworthy
- Fixed Issues
- API Changes * Changes to the Node interface * Changes to CPD renderers
- External Contributions
New and noteworthy
Designer UI
The Designer now supports configuring properties for XPath based rule development. The Designer is still under development and any feedback is welcome.
You can start the designer via run.sh designer
or designer.bat
.
Fixed Issues
- all
- doc
- java
- java-bestpractices
- java-design
- #855: [java] ImmutableField false-positive with lambdas
- java-documentation
- #877: [java] CommentRequired valid rule configuration causes PMD error
- java-errorprone
- #885: [java] CompareObjectsWithEqualsRule trigger by enum1 != enum2
- java-performance
- #541: [java] ConsecutiveLiteralAppends with types other than string
- scala
- #853: [scala] Upgrade scala version to support Java 9
- xml
- #739: [xml] IllegalAccessException when accessing attribute using Saxon on JRE 9
API Changes
Changes to the Node interface
The method getXPathNodeName
is added to the Node
interface, which removes the
use of the toString
of a node to get its XPath element name (see #569).
A default implementation is provided in AbstractNode
, to stay compatible
with existing implementors.
The toString
method of a Node is not changed for the time being, and still produces
the name of the XPath node. That behaviour may however change in future major releases,
e.g. to produce a more useful message for debugging.
Changes to CPD renderers
The interface net.sourceforge.pmd.cpd.Renderer
has been deprecated. A new interface net.sourceforge.pmd.cpd.renderer.CPDRenderer
has been introduced to replace it. The main difference is that the new interface is meant to render directly to a java.io.Writer
rather than to a String. This allows to greatly reduce the memory footprint of CPD, as on large projects, with many duplications,
it was causing OutOfMemoryError
s (see #795).
net.sourceforge.pmd.cpd.FileReporter
has also been deprecated as part of this change, as it’s no longer needed.
External Contributions
- #790: [java] Added some comments for JDK 9 - Tobias Weimer
- #803: [doc] Added SpotBugs as successor of FindBugs - Tobias Weimer
- #828: [core] Add operations to manipulate a document - Gonzalo Ibars Ingman
- #830: [java] UseArraysAsList: Description added - Tobias Weimer
- #845: [java] Fix false negative PreserveStackTrace on string concatenation - Alberto Fernández
- #868: [core] Improve XPath documentation && make small refactors - Gonzalo Ibars Ingman
- #875: [core] Support shortnames when using filelist - John Zhang
- #886: [java] Fix #885 - Matias Comercio
- #900: [core] Use the isEmpty method instead of comparing the value of size() to 0 - reudismam
- #914: [doc] Apex @SuppressWarnings documentation updated - Akshat Bahety
- #918: [doc] Add qa-eclipse as new tool - Akshat Bahety
- #927: [java][doc] Fix example of AbstractClassWithoutAnyMethod - Kazuma Watanabe
21-January-2018 - 6.0.1
The PMD team is pleased to announce PMD 6.0.1.
This is a bug fixing release.
Table Of Contents
- Additional information about the new introduced rule categories
- Fixed Issues
- API Changes
- External Contributions
Additional information about the new introduced rule categories
With the release of PMD 6.0.0, all rules have been sorted into one of the following eight categories:
- Best Practices: These are rules which enforce generally accepted best practices.
- Code Style: These rules enforce a specific coding style.
- Design: Rules that help you discover design issues.
- Documentation: These rules are related to code documentation.
- Error Prone: Rules to detect constructs that are either broken, extremely confusing or prone to runtime errors.
- Multithreading: These are rules that flag issues when dealing with multiple threads of execution.
- Performance: Rules that flag suboptimal code.
- Security: Rules that flag potential security flaws.
Please note, that not every category in every language may have a rule. There might be categories with no
rules at all, such as category/java/security.xml
, which has currently no rules.
There are even languages, which only have rules of one category (e.g. category/xml/errorprone.xml
).
You can find the information about available rules in the generated rule documentation, available at https://pmd.github.io/6.0.1/.
In order to help migrate to the new category scheme, the new name for the old, deprecated rule names will be logged as a warning. See PR #865. Please note, that the deprecated rule names will keep working throughout PMD 6. You can upgrade to PMD 6 without the immediate need to migrate your current ruleset. That backwards compatibility will be maintained until PMD 7.0.0 is released.
Fixed Issues
- all
- #842: [core] Use correct java bootclasspath for compiling
- apex-errorprone
- #792: [apex] AvoidDirectAccessTriggerMap incorrectly detects array access in classes
- apex-security
- #788: [apex] Method chaining breaks ApexCRUDViolation
- doc
- java
- java-bestpractices
- java-codestyle
- #817: [java] UnnecessaryModifierRule crashes on valid code
- java-design
- java-performance
- #841: [java] InsufficientStringBufferDeclaration NumberFormatException
- java-typeresolution
- #866: [java] rulesets/java/typeresolution.xml lists non-existent rules
API Changes
- The constant
net.sourceforge.pmd.PMD.VERSION
has been deprecated and will be removed with PMD 7.0.0. Please usenet.sourceforge.pmd.PMDVersion.VERSION
instead.
External Contributions
- #796: [apex] AvoidDirectAccessTriggerMap incorrectly detects array access in classes - Robert Sösemann
- #799: [apex] Method chaining breaks ApexCRUDViolation - Robert Sösemann
15-December-2017 - 6.0.0
The PMD team is pleased to announce PMD 6.0.0.
This is a major release.
Table Of Contents
New and noteworthy
New Rule Designer
Thanks to Clément Fournier, we now have a new rule designer GUI, which is based on JavaFX. It replaces the old designer and can be started via
bin/run.sh designer
(on Unix-like platform such as Linux and Mac OS X)bin\designer.bat
(on Windows)
Note: At least Java8 is required for the designer. The old designer is still available
as designerold
but will be removed with the next major release.
Java 9 support
The Java grammar has been updated to support analyzing Java 9 projects:
- private methods in interfaces are possible
- The underscore “_” is considered an invalid identifier
- Diamond operator for anonymous classes
- The module declarations in
module-info.java
can be parsed - Concise try-with-resources statements are supported
Java 9 support is enabled by default. You can switch back to an older java version
via the command line, e.g. -language java -version 1.8
.
Revamped Apex CPD
We are now using the Apex Jorje Lexer to tokenize Apex code for CPD. This change means:
- All comments are now ignored for CPD. This is consistent with how other languages such as Java and Groovy work.
- Tokenization honors the language specification, which improves accuracy.
CPD will therefore have less false positives and false negatives.
Java Type Resolution
As part of Google Summer of Code 2017, Bendegúz Nagy worked on type resolution for Java. For this release he has extended support for method calls for both instance and static methods.
Method shadowing and overloading are supported, as are varargs. However, the selection of the target method upon the presence of generics and type inference is still work in progress. Expect it in forecoming releases.
As for fields, the basic support was in place for release 5.8.0, but has now been expanded to support static fields.
Metrics Framework
As part of Google Summer of Code 2017, Clément Fournier is worked on the new metrics framework for object-oriented metrics.
There are already a couple of metrics (e.g. ATFD, WMC, Cyclo, LoC) implemented. More metrics are planned. Based on those metrics, rules like “GodClass” detection could be implemented more easily. The following rules benefit from the metrics framework: NcssCount (java), NPathComplexity (java), CyclomaticComplexity (both java and apex).
The Metrics framework has been abstracted and is available in pmd-core
for other languages. With this
PMD release, the metrics framework is supported for both Java and Apex.
Error Reporting
A number of improvements on error reporting have taken place, meaning changes to some of the report formats.
Also of note, the xml report now provides a XML Schema definition, allowing easier parsing and validation.
Processing Errors
Processing errors can now provide not only the message previously included on some reports, but also a full stacktrace. This will allow better error reports when providing feedback to the PMD team and help in debugging issues.
The report formats providing full stacktrace of errors are:
- html
- summaryhtml
- textcolor
- vbhtml
- xml
Configuration Errors
For a long time reports have been notified of configuration errors on rules, but they have remained hidden. On a push to make these more evident to users, and help them get the best results out of PMD, we have started to include them on the reports.
So far, only reports that include processing errors are showing configuration errors. In other words, the report formats providing configuration error reporting are:
- csv
- html
- summaryhtml
- text
- textcolor
- vbhtml
- xml
As we move forward we will be able to detect and report more configuration errors (ie: incomplete auxclasspath
)
and include them to such reports.
Apex Rule Suppression
Apex violations can now be suppressed very similarly to how it’s done in Java, by making use of a
@SuppressWarnings
annotation.
Supported syntax includes:
@SupressWarnings('PMD') // to supress all Apex rules
@SupressWarnings('all') // to supress all Apex rules
@SupressWarnings('PMD.ARuleName') // to supress only the rule named ARuleName
@SupressWarnings('PMD.ARuleName, PMD.AnotherRuleName') // to supress only the rule named ARuleName or AnotherRuleName
Notice this last scenario is slightly different to the Java syntax. This is due to differences in the Apex grammar for annotations.
Rule Categories
All built-in rules have been sorted into one of eight categories:
- Best Practices: These are rules which enforce generally accepted best practices.
- Code Style: These rules enforce a specific coding style.
- Design: Rules that help you discover design issues.
- Documentation: These rules are related to code documentation.
- Error Prone: Rules to detect constructs that are either broken, extremely confusing or prone to runtime errors.
- Multithreading: These are rules that flag issues when dealing with multiple threads of execution.
- Performance: Rules that flag suboptimal code.
- Security: Rules that flag potential security flaws.
These categories help you to find rules and figure out the relevance and impact for your project.
All rules have been moved accordingly, e.g. the rule “JumbledIncrementer”, which was previously defined in the
ruleset “java-basic” has now been moved to the “Error Prone” category. The new rule reference to be used is
<rule ref="category/java/errorprone.xml/JumbledIncrementer"/>
.
The old rulesets like “java-basic” are still kept for backwards-compatibility but will be removed eventually. The rule reference documentation has been updated to reflect these changes.
New Rules
-
The new Java rule
NcssCount
(categorydesign
) replaces the three rules “NcssConstructorCount”, “NcssMethodCount”, and “NcssTypeCount”. The new rule uses the metrics framework to achieve the same. It has two properties, to define the report level for method and class sizes separately. Constructors and methods are considered the same. -
The new Java rule
DoNotExtendJavaLangThrowable
(categoryerrorprone
) is a companion for thejava-strictexception.xml/DoNotExtendJavaLangError
, detecting direct extensions ofjava.lang.Throwable
. -
The new Java rule
ForLoopCanBeForeach
(categoryerrorprone
) helps to identify those for-loops that can be safely refactored into for-each-loops available since java 1.5. -
The new Java rule
AvoidFileStream
(categoryperformance
) helps to identify code relying onFileInputStream
/FileOutputStream
which, by using a finalizer, produces extra / unnecessary overhead to garbage collection, and should be replaced withFiles.newInputStream
/Files.newOutputStream
available since java 1.7. -
The new Java rule
DataClass
(categorydesign
) detects simple data-holders without behaviour. This might indicate that the behaviour is scattered elsewhere and the data class exposes the internal data structure, which breaks encapsulation. -
The new Apex rule
AvoidDirectAccessTriggerMap
(categoryerrorprone
) helps to identify direct array access to triggers, which can produce bugs by either accessing non-existing indexes, or leaving them out. You should use for-each-loops instead. -
The new Apex rule
AvoidHardcodingId
(categoryerrorprone
) detects hardcoded strings that look like identifiers and flags them. Record IDs change between environments, meaning hardcoded ids are bound to fail under a different setup. -
The new Apex rule
CyclomaticComplexity
(categorydesign
) detects overly complex classes and methods. The report threshold can be configured separately for classes and methods. - A whole bunch of new rules has been added to Apex. They all fit into the category
errorprone
. The 5 rules are migrated for Apex from the equivalent Java rules and include:EmptyCatchBlock
to detect catch blocks completely ignoring exceptions.EmptyIfStmt
for if blocks with no content, that can be safely removed.EmptyTryOrFinallyBlock
for empty try / finally blocks that can be safely removed.EmptyWhileStmt
for empty while loops that can be safely removed.EmptyStatementBlock
for empty code blocks that can be safely removed.
- The new Apex rule
AvoidSoslInLoops
(categoryperformance
) is the companion of the oldAvoidSoqlInLoops
rule, flagging SOSL (Salesforce Object Search Language) queries when within loops, to avoid governor issues, and hitting the database too often.
Modified Rules
-
The Java rule
UnnecessaryFinalModifier
(categorycodestyle
, former rulesetjava-unnecessarycode
) has been merged into the ruleUnnecessaryModifier
. As part of this, the rule has been revamped to detect more cases. It will now flag anonymous class’ methods marked as final (can’t be overridden, so it’s pointless), along with final methods overridden / defined within enum instances. It will also flagfinal
modifiers on try-with-resources. -
The Java rule
UnnecessaryParentheses
(categorycodestyle
, former rulesetjava-controversial
) has been merged intoUselessParentheses
(categorycodestyle
, former rulesetjava-unnecessary
). The rule covers all scenarios previously covered by either rule. -
The Java rule
UncommentedEmptyConstructor
(categorydocumentation
, former rulesetjava-design
) will now ignore empty constructors annotated withjavax.inject.Inject
. -
The Java rule
AbstractClassWithoutAnyMethod
(categorybestpractices
, former rulesetjava-design
) will now ignore classes annotated withcom.google.auto.value.AutoValue
. -
The Java rule
GodClass
(categorydesign', former ruleset
java-design`) has been revamped to use the new metrics framework. -
The Java rule
LooseCoupling
(categorybestpractices
, former rulesetjava-coupling
) has been replaced by the typeresolution-based implementation. -
The Java rule
CloneMethodMustImplementCloneable
(categoryerrorprone
, former rulesetjava-clone
) has been replaced by the typeresolution-based implementation and is now able to detect cases if a class implements or extends a Cloneable class/interface. -
The Java rule
UnusedImports
(categorybestpractices
, former rulesetjava-imports
) has been replaced by the typeresolution-based implementation and is now able to detect unused on-demand imports. -
The Java rule
SignatureDeclareThrowsException
(categorydesign
, former ruleset ‘java-strictexception’) has been replaced by the typeresolution-based implementation. It has a new propertyIgnoreJUnitCompletely
, which allows all methods in a JUnit testcase to throw exceptions. -
The Java rule
NPathComplexity
(categorydesign
, former rulesetjava-codesize
) has been revamped to use the new metrics framework. Its report threshold can be configured via the propertyreportLevel
, which replaces the now deprecated propertyminimum
. -
The Java rule
CyclomaticComplexity
(categorydesign
, former rulesetjava-codesize
) has been revamped to use the new metrics framework. Its report threshold can be configured via the propertiesclassReportLevel
andmethodReportLevel
separately. The old propertyreportLevel
, which configured the level for both total class and method complexity, is deprecated. - The Java rule
CommentRequired
(categorydocumentation
, former rulesetjava-comments
) has been revamped to include 2 new properties:accessorCommentRequirement
to specify documentation requirements for getters and setters (default toignored
)methodWithOverrideCommentRequirement
to specify documentation requirements for methods annotated with@Override
(default toignored
)
-
The Java rule
EmptyCatchBlock
(categoryerrorprone
, former rulesetjava-empty
) has been changed to ignore exceptions namedignore
orexpected
by default. You can still override this behaviour by setting theallowExceptionNameRegex
property. - The Java rule
OptimizableToArrayCall
(categoryperformance
, former rulesetdesign
) has been modified to fit for the current JVM implementations: It basically detects now the opposite and suggests to useCollection.toArray(new E[0])
with a zero-sized array. See Arrays of Wisdom of the Ancients.
Deprecated Rules
-
The Java rules
NcssConstructorCount
,NcssMethodCount
, andNcssTypeCount
(rulesetjava-codesize
) have been deprecated. They will be replaced by the new ruleNcssCount
in the categorydesign
. -
The Java rule
LooseCoupling
in rulesetjava-typeresolution
is deprecated. Use the rule with the same name from categorybestpractices
instead. -
The Java rule
CloneMethodMustImplementCloneable
in rulesetjava-typeresolution
is deprecated. Use the rule with the same name from categoryerrorprone
instead. -
The Java rule
UnusedImports
in rulesetjava-typeresolution
is deprecated. Use the rule with the same name from categorybestpractices
instead. -
The Java rule
SignatureDeclareThrowsException
in rulesetjava-typeresolution
is deprecated. Use the rule with the same name from categorydesign
instead. -
The Java rule
EmptyStaticInitializer
in rulesetjava-empty
is deprecated. Use the ruleEmptyInitializer
from the categoryerrorprone
, which covers both static and non-static empty initializers.` -
The Java rules
GuardDebugLogging
(rulesetjava-logging-jakarta-commons
) andGuardLogStatementJavaUtil
(rulesetjava-logging-java
) have been deprecated. Use the ruleGuardLogStatement
from the categorybestpractices
, which covers all cases regardless of the logging framework.
Removed Rules
- The deprecated Java rule
UseSingleton
has been removed from the rulesetjava-design
. The rule has been renamed long time ago toUseUtilityClass
(categorydesign
).
Java Symbol Table
A bug in symbol table prevented
the symbol table analysis to properly match primitive arrays types. The issue affected the java-unsedcode/UnusedPrivateMethod
rule, but other rules may now produce improved results as consequence of this fix.
Apex Parser Update
The Apex parser version was bumped, from 1.0-sfdc-187
to 210-SNAPSHOT
. This update let us take full advantage
of the latest improvements from Salesforce, but introduces some breaking changes:
BlockStatements
are now created for all control structures, even if no brace is used. We have therefore added ahasCurlyBrace
method to differentiate between both scenarios.- New AST node types are available. In particular
CastExpression
,ConstructorPreamble
,IllegalStoreExpression
,MethodBlockStatement
,Modifier
,MultiStatement
,NestedExpression
,NestedStoreExpression
,NewKeyValueObjectExpression
andStatementExecuted
- Some nodes have been removed. Such is the case of
TestNode
,DottedExpression
andNewNameValueObjectExpression
(replaced byNewKeyValueObjectExpression
)
All existing rules have been updated to reflect these changes. If you have custom rules, be sure to update them.
For more info about the included Apex parser, see the new pmd module “pmd-apex-jorje”, which packages and provides the parser as a binary.
Incremental Analysis
The incremental analysis feature first introduced in PMD 5.6.0 has been enhanced. A few minor issues have been fixed, and several improvements have been performed to make it more accurate.
The cache will now detect changes to the JARs referenced in the auxclasspath
instead of simply looking at their paths
and order. This means that if you are referencing a JAR you are overwriting in some way, the incremental analysis can
now detect it and invalidate it’s cache to avoid false reports.
Similarly, any changes to the execution classpath of PMD will invalidate the cache. This means that if you have custom rules packaged in a jar, any changes to it will invalidate the cache automatically.
We have also improved logging on the analysis code, allowing better insight into how the cache is performing, under debug / verbose builds you can even see individual hits / misses to the cache (and the reason for any miss!)
Finally, as this feature keeps maturing, we are gently pushing this forward. If not using incremental analysis, a warning will now be produced suggesting users to adopt it for better performance.
Rule and Report Properties
The implementation around the properties support for rule properties and report properties has been revamped
to be fully typesafe. Along with that change, the support classes have been moved into an own
package net.sourceforge.pmd.properties
. While there is no change necessary in the ruleset XML files,
when using/setting values for rules, there are adjustments necessary when declaring properties in Java-implemented
rules.
Rule properties can be declared both for Java based rules and XPath rules. This is now very well documented in Working with properties.
With PMD 6.0.0, multivalued properties are now also possible with XPath rules.
Fixed Issues
- all
- #394: [core] PMD exclude rules are failing with IllegalArgumentException with non-default minimumPriority
- #532: [core] security concerns on URL-based rulesets
- #538: [core] Provide an XML Schema for XML reports
- #600: [core] Nullpointer while creating cache File
- #604: [core] Incremental analysis should detect changes to jars in classpath
- #608: [core] Add DEBUG log when applying incremental analysis
- #618: [core] Incremental Analysis doesn’t close file correctly on Windows upon a cache hit
- #643: [core] PMD Properties (dev-properties) breaks markup on CodeClimateRenderer
- #680: [core] Isolate classloaders for runtime and auxclasspath
- #762: [core] Remove method and file property from available property descriptors for XPath rules
- #763: [core] Turn property descriptor util into an enum and enrich its interface
- apex
- #265: [apex] Make Rule suppression work
- #488: [apex] Use Apex lexer for CPD
- #489: [apex] Update Apex compiler
- #500: [apex] Running through CLI shows jorje optimization messages
- #605: [apex] java.lang.NoClassDefFoundError in the latest build
- #637: [apex] Avoid SOSL in loops
- #760: [apex] EmptyStatementBlock complains about missing rather than empty block
- #766: [apex] Replace old Jorje parser with new one
- #768: [apex] java.lang.NullPointerException from PMD
- cpp
- #448: [cpp] Write custom CharStream to handle continuation characters
- java
- #1454: [java] OptimizableToArrayCall is outdated and invalid in current JVMs
- #1513: [java] Remove deprecated rule UseSingleton
- #328: [java] java.lang.ClassFormatError: Absent Code attribute in method that is not native or abstract in class file javax/servlet/jsp/PageContext
- #487: [java] Fix typeresolution for anonymous extending object
- #496: [java] processing error on generics inherited from enclosing class
- #510: [java] Typeresolution fails on a simple primary when the source is loaded from a class literal
- #527: [java] Lombok getter annotation on enum is not recognized correctly
- #534: [java] NPE in MethodTypeResolution for static methods
- #603: [core] incremental analysis should invalidate upon Java rule plugin changes
- #650: [java] ProcesingError analyzing code under 5.8.1
- #732: [java] LinkageError with aux classpath
- java-basic
- #565: [java] False negative on DontCallThreadRun when extending Thread
- java-comments
- java-controversial
- java-design
- java-logging * #457: [java] Merge all log guarding rules * #721: [java] NPE in PMD 5.8.1 InvalidSlf4jMessageFormat
- java-sunsecure
- #468: [java] ArrayIsStoredDirectly false positive
- java-unusedcode
- #521: [java] UnusedPrivateMethod returns false positives with primitive data type in map argument
- java-unnecessarycode
API Changes
-
The class
net.sourceforge.pmd.lang.dfa.NodeType
has been converted to an enum. All node types are enum members now instead of int constants. The names for node types are retained. -
The Properties API (rule and report properties) has been revamped to be fully typesafe. This is everything around
net.sourceforge.pmd.properties.PropertyDescriptor
.Note: All classes related to properties have been moved into the package
net.sourceforge.pmd.properties
. -
The rule classes
net.sourceforge.pmd.lang.apex.rule.apexunit.ApexUnitTestClassShouldHaveAsserts
andnet.sourceforge.pmd.lang.apex.rule.apexunit.ApexUnitTestShouldNotUseSeeAllDataTrue
have been renamed toApexUnitTestClassShouldHaveAssertsRule
andApexUnitTestShouldNotUseSeeAllDataTrueRule
, respectively. This is to comply with the naming convention, that each rule class should be suffixed with “Rule”.This change has no impact on custom rulesets, since the rule names themselves didn’t change.
-
The never implemented method
PMD.processFiles(PMDConfiguration, RuleSetFactory, Collection<File>, RuleContext, ProgressMonitor)
along with the interfaceProgressMonitor
has been removed. -
The method
PMD.setupReport(RuleSets, RuleContext, String)
is gone. It was used to report dysfunctional rules. But PMD does this now automatically before processing the files, so there is no need for this method anymore. - All APIs deprecated in older versions are now removed. This includes:
Renderer.getPropertyDefinitions
AbstractRenderer.defineProperty(String, String)
AbstractRenderer.propertyDefinitions
ReportListener
Report.addListener(ReportListener)
SynchronizedReportListener
CPDConfiguration.CPDConfiguration(int, Language, String)
CPDConfiguration.getRendererFromString(String)
StreamUtil
StringUtil.appendXmlEscaped(StringBuilder, String)
StringUtil.htmlEncode(String)
- Several methods in
net.sourceforge.pmd.util.CollectionUtil
have been deprecated and will be removed in PMD 7.0.0. In particular:CollectionUtil.addWithoutDuplicates(T[], T)
CollectionUtil.addWithoutDuplicates(T[], T[])
CollectionUtil.areSemanticEquals(T[], T[])
CollectionUtil.areEqual(Object, Object)
CollectionUtil.arraysAreEqual(Object, Object)
CollectionUtil.valuesAreTransitivelyEqual(Object[], Object[])
- Several methods in
net.sourceforge.pmd.util.StringUtil
have been deprecated and will be removed in PMD 7.0.0. In particular:StringUtil.startsWithAny(String, String[])
StringUtil.isNotEmpty(String)
StringUtil.isEmpty(String)
StringUtil.isMissing(String)
StringUtil.areSemanticEquals(String, String)
StringUtil.replaceString(String, String, String)
StringUtil.replaceString(String, char, String)
StringUtil.substringsOf(String, char)
StringUtil.substringsOf(String, String)
StringUtil.asStringOn(StringBuffer, Iterator, String)
StringUtil.asStringOn(StringBuilder, Object[], String)
StringUtil.lpad(String, int)
-
The class
net.sourceforge.pmd.lang.java.typeresolution.typedefinition.JavaTypeDefinition
is now abstract, and has been enhanced to provide several new methods. -
The constructor of
net.sourceforge.pmd.RuleSetFactory
, which took aClassLoader
is deprecated. Please use the alternative constructor with thenet.sourceforge.pmd.util.ResourceLoader
instead. - The following GUI related classes have been deprecated and will be removed in PMD 7.0.0.
The tool “bgastviewer”, that could be started via the script
bgastviewer.bat
orrun.sh bgastviewer
is deprecated, too, and will be removed in PMD 7.0.0. Both the “old designer” and “bgastviewer” are replaced by the New Rule Designer.net.sourceforge.pmd.util.designer.CodeEditorTextPane
net.sourceforge.pmd.util.designer.CreateXMLRulePanel
net.sourceforge.pmd.util.designer.Designer
net.sourceforge.pmd.util.designer.DFAPanel
net.sourceforge.pmd.util.designer.LineGetter
net.sourceforge.pmd.util.viewer.Viewer
net.sourceforge.pmd.util.viewer.gui.ActionCommands
net.sourceforge.pmd.util.viewer.gui.ASTPanel
net.sourceforge.pmd.util.viewer.gui.EvaluationResultsPanel
net.sourceforge.pmd.util.viewer.gui.MainFrame
net.sourceforge.pmd.util.viewer.gui.ParseExceptionHandler
net.sourceforge.pmd.util.viewer.gui.SourceCodePanel
net.sourceforge.pmd.util.viewer.gui.XPathPanel
net.sourceforge.pmd.util.viewer.gui.menu.ASTNodePopupMenu
net.sourceforge.pmd.util.viewer.gui.menu.AttributesSubMenu
net.sourceforge.pmd.util.viewer.gui.menu.SimpleNodeSubMenu
net.sourceforge.pmd.util.viewer.gui.menu.XPathFragmentAddingItem
net.sourceforge.pmd.util.viewer.model.ASTModel
net.sourceforge.pmd.util.viewer.model.AttributeToolkit
net.sourceforge.pmd.util.viewer.model.SimpleNodeTreeNodeAdapter
net.sourceforge.pmd.util.viewer.model.ViewerModel
net.sourceforge.pmd.util.viewer.model.ViewerModelEvent
net.sourceforge.pmd.util.viewer.model.ViewerModelListener
net.sourceforge.pmd.util.viewer.util.NLS
- The following methods in
net.sourceforge.pmd.Rule
have been deprecated and will be removed in PMD 7.0.0. All methods are replaced by their bean-like counterpartsvoid setUsesDFA()
. Usevoid setDfa(boolean)
instead.boolean usesDFA()
. Useboolean isDfa()
instead.void setUsesTypeResolution()
. Usevoid setTypeResolution(boolean)
instead.boolean usesTypeResolution()
. Useboolean isTypeResolution()
instead.void setUsesMultifile()
. Usevoid setMultifile(boolean)
instead.boolean usesMultifile()
. Useboolean isMultifile()
instead.boolean usesRuleChain()
. Useboolean isRuleChain()
instead.
External Contributions
- #287: [apex] Make Rule suppression work - Robert Sösemann
- #420: [java] Fix UR anomaly in assert statements - Clément Fournier
- #482: [java] Metrics testing framework + improved capabilities for metrics - Clément Fournier
- #484: [core] Changed linux usage to a more unix like path - patriksevallius
- #486: [java] Add basic method typeresolution - Bendegúz Nagy
- #492: [java] Typeresolution for overloaded methods - Bendegúz Nagy
- #495: [core] Custom rule reinitialization code - Clément Fournier
- #479: [core] Typesafe and immutable properties - Clément Fournier
- #499: [java] Metrics memoization tests - Clément Fournier
- #501: [java] Add support for most specific vararg method type resolution - Bendegúz Nagy
- #502: [java] Add support for static field type resolution - Bendegúz Nagy
- #505: [java] Followup on metrics - Clément Fournier
- #506: [java] Add reduction rules to type inference - Bendegúz Nagy
- #511: [core] Prepare abstraction of the metrics framework - Clément Fournier
- #512: [java] Add incorporation to type inference - Bendegúz Nagy
- #513: [java] Fix for maximally specific method selection - Bendegúz Nagy
- #514: [java] Add static method type resolution - Bendegúz Nagy
- #517: [doc] Metrics documentation - Clément Fournier
- #518: [core] Properties refactoring: factorized enumerated property - Clément Fournier
- #523: [java] Npath complexity metric and rule - Clément Fournier
- #524: [java] Add support for explicit type arguments with method invocation - Bendegúz Nagy
- #525: [core] Fix line ending and not ignored files issues - Matias Comercio
- #528: [core] Fix typo - Ayoub Kaanich
- #529: [java] Abstracted the Java metrics framework - Clément Fournier
- #530: [java] Fix issue #527: Lombok getter annotation on enum is not recognized correctly - Clément Fournier
- #533: [core] improve error message - Dennis Kieselhorst
- #535: [apex] Fix broken Apex visitor adapter - Clément Fournier
- #542: [java] Metrics abstraction - Clément Fournier
- #545: [apex] Apex metrics framework - Clément Fournier
- #548: [java] Metrics documentation - Clément Fournier
- #550: [java] Add basic resolution to type inference - Bendegúz Nagy
- #553: [java] Refactored ParserTst into a static utility class + add getSourceFromClass - Clément Fournier
- #554: [java] Fix #537: UnnecessaryParentheses fails to detect obvious scenario - Clément Fournier
- #555: [java] Changed metrics/CyclomaticComplexityRule to use WMC when reporting classes - Clément Fournier
- #556: [java] Fix #357: UncommentedEmptyConstructor consider annotations on Constructor - Clément Fournier
- #557: [java] Fix NPath metric not counting ternaries correctly - Clément Fournier
- #563: [java] Add support for basic method type inference for strict invocation - Bendegúz Nagy
- #566: [java] New rule in migrating ruleset: ForLoopCanBeForeach - Clément Fournier
- #567: [java] Last API change for metrics (metric options) - Clément Fournier
- #570: [java] Model lower, upper and intersection types - Bendegúz Nagy
- #573: [java] Data class rule - Clément Fournier
- #576: [doc][java] Add hint for Guava users in InefficientEmptyStringCheck - mmoehring
- #578: [java] Refactored god class rule - Clément Fournier
- #579: [java] Update parsing to produce upper and lower bounds - Bendegúz Nagy
- #580: [core] Add AbstractMetric to topple the class hierarchy of metrics - Clément Fournier
- #581: [java] Relax AbstractClassWithoutAnyMethod when class is annotated by @AutoValue - Niklas Baudy
- #583: [java] Documentation about writing metrics - Clément Fournier
- #585: [java] Moved NcssCountRule to codesize.xml - Clément Fournier
- #587: [core] Properties refactoring: Move static constants of ValueParser to class ValueParserConstants - Clément Fournier
- #588: [java] XPath function to compute metrics - Clément Fournier
- #598: [java] Fix #388: controversial.AvoidLiteralsInIfCondition 0.0 false positive - Clément Fournier
- #602: [java] [apex] Separate multifile analysis from metrics - Clément Fournier
- #620: [core] Moved properties to n.s.pmd.properties - Clément Fournier
- #625: [apex] empty code ruleset for apex - Jan Aertgeerts
- #632: [apex] Add AvoidDirectAccessTriggerMap rule to the style set - Jan Aertgeerts
- #644: [core] Prevent internal dev-properties from being displayed on CodeClimate renderer - Filipe Esperandio
- #660: [apex] avoid sosl in loops - Jan Aertgeerts
- #661: [apex] avoid hardcoding id’s - Jan Aertgeerts
- #666: [java] Add DoNotExtendJavaLangThrowable rule - Robert Painsi
- #668: [core] Fix javadoc warnings on pmd-core - Clément Fournier
- #669: [core] Builder pattern for properties - Clément Fournier
- #675: [java] Fix in Java grammar: Try with final resource node error - Gonzalo Ibars Ingman
- #679: [core] Token scheme generalization - Gonzalo Ibars Ingman
- #694: [core] Add minor fixes to root pom - Matias Comercio
- #696: [core] Add remove operation over nodes - Matias Comercio
- #711: [ui] New rule designer - Clément Fournier
- #722: [java] Move NPathComplexity from metrics to design - Clément Fournier
- #723: [core] Rule factory refactoring - Clément Fournier
- #726: [java] Fix issue #721 (NPE in InvalidSlf4jMessageFormat) - Clément Fournier
- #727: [core] Fix #725: numeric property descriptors now check their default value - Clément Fournier
- #733: [java] Some improvements to CommentRequired - Clément Fournier
- #734: [java] Move CyclomaticComplexity from metrics to design - Clément Fournier
- #736: [core] Make Saxon support multi valued XPath properties - Clément Fournier
- #737: [doc] Fix NPathComplexity documentation bad rendering - Clément Fournier
- #744: [doc] Added Apex to supported languages - Michał Kuliński
- #746: [doc] Fix typo in incremental analysis log message - Clément Fournier
- #749: [doc] Update the documentation for properties - Clément Fournier
- #758: [core] Expose the full mapping from property type id to property extractor - Clément Fournier
- #764: [core] Prevent method and file property use in XPath rules - Clément Fournier
- #771: [apex] Fix Apex metrics framework failing on triggers, refs #768 - Clément Fournier
- #774: [java] Avoid using FileInput/Output - see JDK-8080225 - Chas Honton
01-July-2017 - 5.8.1
The PMD team is pleased to announce PMD 5.8.1.
This is a bug fixing release.
Fixed Issues
- java
API Changes
- The
getGenericArgs()
method introduced toTypeNode
in 5.8.0 was removed. You can access to generics’ info through theJavaTypeDefinition
object. - The
JavaTypeDefinitionBuilder
class introduced in 5.8.0 is not more. You can use factory methods available onJavaTypeDefinition
External Contributions
- #472: [java] fix error with raw types, bug #471
24-June-2017 - 5.8.0
The PMD team is pleased to announce PMD 5.8.0.
This is a minor release.
New and noteworthy
Java Type Resolution
As part of Google Summer of Code 2017, Bendegúz Nagy has been working on completing type resolution for Java. His progress so far has allowed to properly resolve, in addition to previously supported statements:
- References to
this
andsuper
, even when qualified - References to fields, even when chained (ie:
this.myObject.aField
), and properly handling inheritance / shadowing
Lambda parameter types where these are infered rather than explicit are still not supported. Expect future releases to do so.
Metrics Framework
As part of Google Summer of Code 2017, Clément Fournier has been working on a new metrics framework for object-oriented metrics.
The basic groundwork has been done already and with this release, including a first rule based on the metrics framework as a proof-of-concept: The rule CyclomaticComplexity, currently in the temporary ruleset java-metrics, uses the Cyclomatic Complexity metric to find overly complex code. This rule will eventually replace the existing three CyclomaticComplexity rules that are currently defined in the java-codesize ruleset (see also issue #445).
Since this work is still in progress, the metrics API (package net.sourceforge.pmd.lang.java.oom
)
is not finalized yet and is expected to change.
Modified Rules
-
The Java rule
UnnecessaryFinalModifier
(ruleset java-unnecessary) now also reports on private methods marked asfinal
. Being private, such methods can’t be overriden, and therefore, the final keyword is redundant. -
The Java rule
PreserveStackTrace
(ruleset java-design) has been relaxed to support the builder pattern on thrown exception. This change may introduce some false positives if using the exception in non-orthodox ways for things other than setting the root cause of the exception. Contact us if you find any such scenarios. -
The ruleset java-junit now properly detects JUnit5, and rules are being adapted to the changes on it’s API. This support is, however, still incomplete. Let us know of any uses we are still missing on the issue tracker
-
The Java rule
EmptyTryBlock
(ruleset java-empty) now allows empty blocks when using try-with-resources. -
The Java rule
EmptyCatchBlock
(ruleset java-empty) now exposes a new property calledallowExceptionNameRegex
. This allow to setup a regular expression for names of exceptions you wish to ignore for this rule. For instance, setting it to^(ignored|expected)$
would ignore all empty catch blocks where the catched exception is named eitherignored
orexpected
. The default ignores no exceptions, being backwards compatible.
Deprecated Rules
- The three complexity rules
CyclomaticComplexity
,StdCyclomaticComplexity
,ModifiedCyclomaticComplexity
(ruleset java-codesize) have been deprecated. They will be eventually replaced by a new CyclomaticComplexity rule based on the metrics framework. See also issue #445.
Fixed Issues
- General
- apex
- #427: [apex] CPD error when parsing apex code from release 5.5.3
- cpp
- #431: [cpp] CPD gives wrong duplication blocks for CPP code
- java
- java-design
- java-empty
- java-imports:
- #348: [java] imports/UnusedImport rule not considering static inner classes of imports
- java-junit
- java-logging:
- #365: [java] InvalidSlf4jMessageFormat does not handle inline incrementation of arguments
- java-strictexceptions
- #350: [java] Throwing Exception in method signature is fine if the method is overriding or implementing something
- java-typeresolution
- #350: [java] Throwing Exception in method signature is fine if the method is overriding or implementing something
- java-unnecessary
- #421: [java] UnnecessaryFinalModifier final in private method
- jsp
- #311: [jsp] Parse error on HTML boolean attribute
External Contributions
- #406: [java] False positive with lambda in java-design/ConstructorCallsOverridableMethod
- #409: [java] Groundwork for the upcoming metrics framework
- #416: [java] FIXED: Java 8 parsing problem with annotations for wildcards
- #418: [java] Type resolution: super and this keywords
- #423: [java] Add field access type resolution in non-generic cases
- #425: [java] False positive with builder pattern in java-design/PreserveStackTrace
- #426: [java] UnnecessaryFinalModifier final in private method
- #436: [java] Metrics framework tests and various improvements
- #440: [core] Created ruleset schema 3.0.0 (to use metrics)
- #443: [java] Optimize typeresolution, by skipping package and import declarations in visit(ASTName)
- #444: [java] [typeresolution]: add support for generic fields
- #451: [java] Metrics framework: first metrics + first rule
20-Mai-2017 - 5.7.0
The PMD team is pleased to announce PMD 5.7.0.
This is a minor release.
New and noteworthy
Modified Rules
-
The rule “FieldDeclarationsShouldBeAtStartOfClass” of the java-design ruleset has a new property
ignoreInterfaceDeclarations
. Setting this property totrue
ignores interface declarations, that precede fields. Example usage:
Renderers
- Added the ‘empty’ renderer which will write nothing. Does not affect other behaviors, for example the command line PMD exit status will still indicate whether violations were found.
Fixed Issues
- General
- java
- #378: [java] Parser Error for empty statements
- java-coupling
- #1427: [java] Law of Demeter violations for the Builder pattern
- java-design
- java-junit
- #358: [java] Mockito verify method is not taken into account in JUnitTestsShouldIncludeAssert rule
- java-strings
- #334: [java] [doc] Add suggestion to use StringUtils#isBlank for InefficientEmptyStringCheck
- jsp-basic
- #369: [jsp] Wrong issue “JSP file should use UTF-8 encoding”
API Changes
- The method
net.sourceforge.pmd.util.StringUtil#htmlEncode(String)
is deprecated.org.apache.commons.lang3.StringEscapeUtils#escapeHtml4(String)
should be used instead.
External Contributions
- #368: [vf] Adding proper AST support for negation expressions
- #372: [core] Fix XSS in HTML renderer
- #374: [java] Add property to ignore interfaces in FieldDeclarationsShouldBeAtStartOfClassRule
- #381: [core] Fix broken link in the site’s doc
- #382: [java] Added documentation details on InefficientEmptyStringCheck
- #383: [jsp] Fixed JspEncoding false positive
- #390: [java] Remove trailing whitespaces in design.xml
- #391: [apex] Fix documentation typo
- #392: [java] False positive for Law Of Demeter (Builder pattern)
- #395: [java] Mockito verify method is not taken into account in JUnitTestsShouldIncludeAssert rule
29-April-2017 - 5.6.1
The PMD team is pleased to announce PMD 5.6.1.
This is a bug fixing release.
Fixed Issues
- General
22-April-2017 - 5.6.0
The PMD team is pleased to announce PMD 5.6.0.
The most significant changes are on analysis performance, support for Salesforce’s Visualforce language a whole new Apex Security Rule Set and the new Braces Rule Set for Apex.
We have added initial support for incremental analysis. The experimental feature allows PMD to cache analysis results between executions to speed up the analysis for all languages. New CLI flags and Ant options are available to configure it. Currently the feature is disabled by default, but this may change as it matures.
Multithread performance has been enhanced by reducing thread-contention on a bunch of areas. This is still an area of work, as the speedup of running multithreaded analysis is still relatively small (4 threads produce less than a 50% speedup). Future releases will keep improving on this area.
Once again, Symbol Table has been an area of great performance improvements. This time we were able to further improve it’s performance by roughly 10% on all supported languages. In Java in particular, several more improvements were possible, improving Symbol Table performance by a whooping 80%, that’s over 15X faster than PMD 5.5.1, when we first started working on it.
Java developers will also appreciate the revamp of CloneMethodMustImplementCloneable
,
making it over 500X faster, and PreserveStackTrace
which is now 7X faster.
New and noteworthy
Incremental Analysis
PMD now supports incremental analysis. Analysis results can be cached and reused between runs. This allows PMD to skip files without violations that have remained unchanged. In future releases, we plan to extend this behavior to unchanged files with violations too.
The cache is automatically invalidated if:
- the used PMD version changes
- the
auxclasspath
changed and any rules require type resolution - the configured rule set has changed
This feature is incubating and is disabled by default. It’s only enabled if you specifically configure a cache file.
To configure the cache file from CLI, a new -cache <path/to/file>
flag has been added.
For Ant, a new cacheLocation
attribute has been added. For instance:
<target name="pmd">
<taskdef name="pmd" classname="net.sourceforge.pmd.ant.PMDTask"/>
<pmd cacheLocation="build/pmd/pmd.cache">
<ruleset>rulesets/java/design.xml</ruleset>
<ruleset>java-basic</ruleset>
<formatter type="xml" toFile="c:\pmd_report.xml"/>
<fileset dir="/usr/local/j2sdk1.4.1_01/src/">
<include name="java/lang/*.java"/>
</fileset>
</pmd>
</target>
Visualforce Support
Salesforce developers rejoice. To out growing Apex support we have added full Visualforce support.
Both CPD and PD are available. So far only a security ruleset is available (vf-security
).
Visualforce Security Rule Set
VfUnescapeEl
The rule looks for Expression Language occurances printing unescaped values from the backend. These could lead to XSS attacks.
VfCsrf
The rule looks for <apex:page>
tags performing an action on page load, definish such action
through Expression Language, as doing so is vulnerable to CSRF attacks.
Apex Security Rule Set
A new ruleset focused on security has been added, consisting of a wide range of rules to detect most common security problems.
ApexBadCrypto
The rule makes sure you are using randomly generated IVs and keys for Crypto
calls.
Hard-wiring these values greatly compromises the security of encrypted data.
For instance, it would report violations on code such as:
public class without sharing Foo {
Blob hardCodedIV = Blob.valueOf('Hardcoded IV 123');
Blob hardCodedKey = Blob.valueOf('0000000000000000');
Blob data = Blob.valueOf('Data to be encrypted');
Blob encrypted = Crypto.encrypt('AES128', hardCodedKey, hardCodedIV, data);
}
ApexCRUDViolation
The rule validates you are checking for access permissions before a SOQL/SOSL/DML operation. Since Apex runs in system mode not having proper permissions checks results in escalation of privilege and may produce runtime errors. This check forces you to handle such scenarios.
For example, the following code is considered valid:
public class Foo {
public Contact foo(String status, String ID) {
Contact c = [SELECT Status__c FROM Contact WHERE Id=:ID];
// Make sure we can update the database before even trying
if (!Schema.sObjectType.Contact.fields.Name.isUpdateable()) {
return null;
}
c.Status__c = status;
update c;
return c;
}
}
ApexCSRF
Check to avoid making DML operations in Apex class constructor/init method. This prevents modification of the database just by accessing a page.
For instance, the following code would be invalid:
public class Foo {
public init() {
insert data;
}
public Foo() {
insert data;
}
}
ApexDangerousMethods
Checks against calling dangerous methods.
For the time being, it reports:
- Against
FinancialForce
’sConfiguration.disableTriggerCRUDSecurity()
. Disabling CRUD security opens the door to several attacks and requires manual validation, which is unreliable. - Calling
System.debug
passing sensitive data as parameter, which could lead to exposure of private data.
ApexInsecureEndpoint
Checks against accessing endpoints under plain http. You should always use https for security.
ApexOpenRedirect
Checks against redirects to user-controlled locations. This prevents attackers from redirecting users to phishing sites.
For instance, the following code would be reported:
public class without sharing Foo {
String unsafeLocation = ApexPage.getCurrentPage().getParameters.get('url_param');
PageReference page() {
return new PageReference(unsafeLocation);
}
}
ApexSharingViolations
Detect classes declared without explicit sharing mode if DML methods are used. This forces the developer to take access restrictions into account before modifying objects.
ApexSOQLInjection
Detects the usage of untrusted / unescaped variables in DML queries.
For instance, it would report on:
public class Foo {
public void test1(String t1) {
Database.query('SELECT Id FROM Account' + t1);
}
}
ApexSuggestUsingNamedCred
Detects hardcoded credentials used in requests to an endpoint.
You should refrain from hardcoding credentials:
- They are hard to maintain by being mixed in application code
- Particularly hard to update them when used from different classes
- Granting a developer access to the codebase means granting knowledge of credentials, keeping a two-level access is not possible.
- Using different credentials for different environments is troublesome and error-prone.
Instead, you should use Named Credentials and a callout endpoint.
For more information, you can check this
ApexXSSFromEscapeFalse
Reports on calls to addError
with disabled escaping. The message passed to addError
will be displayed directly to the user in the UI, making it prime ground for XSS
attacks if unescaped.
ApexXSSFromURLParam
Makes sure that all values obtained from URL parameters are properly escaped / sanitized to avoid XSS attacks.
Apex Braces Rule Set
The Braces Rule Set has been added and serves the same purpose as the Braces Rule Set from Java: It checks the use and placement of braces around if-statements, for-loops and so on.
IfStmtsMustUseBraces
Avoid using if statements without using braces to surround the code block. If the code formatting or indentation is lost then it becomes difficult to separate the code being controlled from the rest.
For instance, the following code shows the different. PMD would report on the not recommended approach:
if (foo) // not recommended
x++;
if (foo) { // preferred approach
x++;
}
WhileLoopsMustUseBraces
Avoid using ‘while’ statements without using braces to surround the code block. If the code formatting or indentation is lost then it becomes difficult to separate the code being controlled from the rest.
For instance, the following code shows the different. PMD would report on the not recommended approach:
while (true) // not recommended
x++;
while (true) { // preferred approach
x++;
}
IfElseStmtsMustUseBraces
Avoid using if..else statements without using surrounding braces. If the code formatting or indentation is lost then it becomes difficult to separate the code being controlled from the rest.
For instance, the following code shows the different. PMD would report on the not recommended approach:
// this is not recommended
if (foo)
x = x+1;
else
x = x-1;
// preferred approach
if (foo) {
x = x+1;
} else {
x = x-1;
}
ForLoopsMustUseBraces
Avoid using ‘for’ statements without using surrounding braces. If the code formatting or indentation is lost then it becomes difficult to separate the code being controlled from the rest.
For instance, the following code shows the different. PMD would report on the not recommended approach:
for (int i = 0; i < 42; i++) // not recommended
foo();
for (int i = 0; i < 42; i++) { // preferred approach
foo();
}
New Rules
AccessorMethodGeneration (java-design)
When accessing a private field / method from another class, the Java compiler will generate an accessor method with package-private visibility. This adds overhead, and to the dex method count on Android. This situation can be avoided by changing the visibility of the field / method from private to package-private.
For instance, it would report violations on code such as:
public class OuterClass {
private int counter;
/* package */ int id;
public class InnerClass {
InnerClass() {
OuterClass.this.counter++; // wrong, accessor method will be generated
}
public int getOuterClassId() {
return OuterClass.this.id; // id is package-private, no accessor method needed
}
}
}
This new rule is part of the java-design
ruleset.
Modified Rules
-
The Java rule
UnnecessaryLocalBeforeReturn
(ruleset java-design) now has a new propertystatementOrderMatters
. It is enabled by default to stay backwards compatible. But if this property is set tofalse
, this rule no longer requires the variable declaration and return statement to be on consecutive lines. Any variable that is used solely in a return statement will be reported. -
The Java rule
UseLocaleWithCaseConversions
(ruleset java-design) has been modified, to detect calls totoLowerCase
and totoUpperCase
also within method call chains. This leads to more detected cases and potentially new false positives. See also bugfix #1556. -
The Java rule
AvoidConstantsInterface
(ruleset java-design) has been removed. It is completely replaced by the ruleConstantsInInterface
. - The Java rule
UnusedModifier
(ruleset java-unusedcode) has been moved to the ruleset java-unnecessary and has been renamed toUnnecessaryModifier
. Additionally, it has been expanded to consider more redundant modifiers:- Annotations marked as
abstract
. - Nested annotations marked as
static
. - Nested annotations within another interface or annotation marked as
public
. - Classes, interfaces or annotations nested within an annotation marked as
public
orstatic
. - Nested enums marked as
static
.
- Annotations marked as
- The Java rule
JUnitTestsShouldIncludeAssert
(ruleset java-junit) now accepts usage of@Rule
ExpectedException
to set expectations on exceptions, and are considered as valid assertions.
CPD Suppression
It is now possible to allow CPD suppression through comments in Java. You tell CPD to ignore
the following code with a comment containin CPD-OFF
and with CPD-ON
you tell CPD to resume
analysis. The old approach via @SuppressWarnings
annotation is still supported, but is considered
deprecated, since it is limited to locations where the SuppressWarnings
annotation is allowed.
See PR #250.
For example:
public Object someMethod(int x) throws Exception {
// some unignored code
// tell cpd to start ignoring code - CPD-OFF
// mission critical code, manually loop unroll
goDoSomethingAwesome(x + x / 2);
goDoSomethingAwesome(x + x / 2);
goDoSomethingAwesome(x + x / 2);
goDoSomethingAwesome(x + x / 2);
goDoSomethingAwesome(x + x / 2);
goDoSomethingAwesome(x + x / 2);
// resume CPD analysis - CPD-ON
// further code will *not* be ignored
}
CPD filelist command line option
CPD now supports the command line option --filelist
. With that, you can specify a file, which
contains the names and paths of the files, that should be analyzed. This is similar to PMD’s filelist option.
You need to use this, if you have a large project with many files, and you hit the command line length limit.
Fixed Issues
- General
- #1511: [core] Inconsistent behavior of Rule.start/Rule.end
- #234: [core] Zip file stream closes spuriously when loading rulesets
- #256: [core] shortnames option is broken with relative paths
- #305: [core] PMD not executing under git bash
- #324: [core] Automated release - github release notes missing
- #337: [core] Version 5.5.4 seems to hold file lock on rules JAR (affects Windows only)
- apex-apexunit
- #1543: [apex] ApexUnitTestClassShouldHaveAsserts assumes APEX is case sensitive
- apex-complexity
- apex-security
- java
- #185: [java] CPD runs into NPE when analyzing Lucene
- #206: [java] Parse error on annotation fields with generics
- #207: [java] Parse error on method reference with generics
- #208: [java] Parse error with local class with 2 or more annotations
- #213: [java] CPD: OutOfMemory when analyzing Lucene
- #309: [java] Parse error on method reference
- #1542: [java] CPD throws an NPE when parsing enums with -ignore-identifiers
- #1545: [java] Symbol Table fails to resolve inner classes
- java-basic
- #232: [java] SimplifiedTernary: Incorrect ternary operation can be simplified.
- java-coupling
- #270: [java] LoD false positive
- java-design
- #933: [java] UnnecessaryLocalBeforeReturn false positive for SuppressWarnings annotation
- #1448: [java] ImmutableField: Private field in inner class gives false positive with lambdas
- #1495: [java] UnnecessaryLocalBeforeReturn with assert
- #1496: [java] New Rule: AccesorMethodGeneration - complements accessor class rule
- #1512: [java] Combine rules AvoidConstantsInInterface and ConstantsInInterface
- #1552: [java] MissingBreakInSwitch - False positive for continue
- #1556: [java] UseLocaleWithCaseConversions does not works with
ResultSet
(false negative) - #177: [java] SingularField with lambdas as final fields
- #216: [java] [doc] NonThreadSafeSingleton: Be more explicit as to why double checked locking is not recommended
- #219: [java] UnnecessaryLocalBeforeReturn: ClassCastException in switch case with local variable returned
- #240: [java] UnnecessaryLocalBeforeReturn: Enhance by checking usages
- #274: [java] AccessorMethodGeneration: Method inside static inner class incorrectly reported
- #275: [java] FinalFieldCouldBeStatic: Constant in @interface incorrectly reported as “could be made static”
- #282: [java] UnnecessaryLocalBeforeReturn false positive when cloning Maps
- #291: [java] Improve quality of AccessorClassGeneration
- #310: [java] UnnecessaryLocalBeforeReturn enhancement is overly restrictive – method order matters
- #352: [java] AccessorClassGeneration throws ClassCastException when seeing array construction
- java-imports
- #338: [java] False positive on DontImportJavaLang when importing java.lang.ProcessBuilder
- #339: [java] False positive on DontImportJavaLang when importing Java 7’s java.lang.invoke.MethodHandles
- #1546: [java] UnnecessaryFullyQualifiedNameRule doesn’t take into consideration conflict resolution
- #1547: [java] UnusedImportRule - False Positive for only usage in Javadoc - {@link ClassName#CONSTANT}
- #1555: [java] UnnecessaryFullyQualifiedName: Really necessary fully qualified name
- java-junit
- java-logging-java
- java-optimizations
- java-strings
- java-unnecessary
- #199: [java] UselessParentheses: Parentheses in return statement are incorrectly reported as useless
- java-unusedcode
- XML
- #1518: [xml] Error while processing xml file with “.webapp” in the file or directory name
- psql
- #1549: [plsql] Parse error for IS [NOT] NULL construct
- javascript
- #201: [javascript] template strings are not correctly parsed
API Changes
net.sourceforge.pmd.RuleSetFactory
is now immutable and its behavior cannot be changed anymore. It provides constructors to create new adjusted instances. This allows to avoid synchronization in RuleSetFactory. See PR #131.net.sourceforge.pmd.RuleSet
is now immutable, too, and can only be created viaRuleSetFactory
. See PR #145.net.sourceforge.pmd.cli.XPathCLI
has been removed. It’s functionality is fully covered by the Designer.net.sourceforge.pmd.Report
now works withThreadSafeReportListener
s. BothReportListener
andSynchronizedReportListener
are deprecated in favor ofnet.sourceforge.pmd.ThreadSafeReportListener
. Therefore, the methodsgetSynchronizedListeners()
andaddSynchronizedListeners(...)
have been replaced bygetListeners()
andaddListeners(...)
. See PR #193.
External Contributions
- #123: [apex] Changing method names to lowercase so casing doesn’t matter
- #129: [plsql] Added correct parse of IS [NOT] NULL and multiline DML
- #137: [apex] Adjusted remediation points
- #146: [apex] Detection of missing Apex CRUD checks for SOQL/DML operations
- #147: [apex] Adding XSS detection to return statements
- #148: [apex] Improving detection of SOQL injection
- #149: [apex] Whitelisting String.isEmpty and casting
- #152: [java] fixes #1552 continue does not require break
- #154: [java] Fix #1547: UnusedImports: Adjust regex to support underscores
- #158: [apex] Reducing FPs in SOQL with VF getter methods
- #160: [apex] Flagging of dangerous method call
- #163: [apex] Flagging of System.debug
- #165: [apex] Improving open redirect rule to avoid test classes/methods
- #167: [apex] GC and thread safety changes
- #169: [apex] Improving detection for DML with inline new object
- #170: [core] Ant Task Formatter encoding issue with XMLRenderer
- #172: [apex] Bug fix, detects both Apex fields and class members
- #175: [apex] ApexXSSFromURLParam: Adding missing casting methods
- #176: [apex] Bug fix for FP: open redirect for strings prefixed with / is safe
- #179: [apex] Legacy test class declaration support
- #181: [apex] Control flow based CRUD rule checking
- #184: [apex] Improving open redirect detection for static fields & assignment operations
- #189: [apex] Bug fix of SOQL concatenated vars detection
- #191: [apex] Detection of sharing violation when Database. methods are used
- #192: [apex] Dead code removal
- #200: [javascript] Templatestring grammar fix
- #204: [apex] Sharing violation SOQL detection bug fix
- #214: [apex] Sharing violation improving reporting of the correct node, de-duping
- #217: [core] Make it build on Windows
- #227: [apex] Improving detection of getters
- #228: [apex] Excluding count from CRUD/FLS checks
- #229: [apex] Dynamic SOQL is safe against Integer, Boolean, Double
- #231: [apex] CRUD/FLS rule - add support for fields
- #266: [java] corrected invalid reporting of LoD violation
- #268: [apex] Support safe escaping via String method
- #273: [apex] Shade jackson on apex
- #279: [vf] New Salesforce VisualForce language support
- #280: [apex] Support for Aggregate Result in CRUD rules
- #281: [apex] Add Braces Rule Set
- #283: [vf] CSRF in VF controller pages
- #284: [vf] Adding support for parsing EL in script tags
- #288: [vf] Setting the tab size to 4 for VF
- #289: [apex] Complex SOQL Crud check bug fixes
- #296: [apex] Adding String.IsNotBlank to the whitelist to prevent False positives
- #297: [core] CPD: Adding the –filelist option from pmd to cpd
- #303: [java] InefficientEmptyStringCheckRule now reports String.trim().isEmpty()
- #307: [java] Fix false positive with UseStringBufferForStringAppendsRule
- #308: [java] JUnitTestsShouldIncludeAssertRule supports @Rule annotated ExpectedExceptions
- #313: [vf] Apex:iFrame not being detected - bug fix
- #314: [vf] Bug fixes for incorrect Id detection and escaping
- #316: [apex] Ignoring certain rules in Batch classes, Queueable, and install scripts
- #317: [apex] Add support for safe ID assignment from URL param
- #326: [vf] Quote detection improvement and method argument detection
- #327: [apex] Fixed SOQL injection detection for escaped vars
- #331: [java] JunitTestsShouldIncludeAssertRule now handles AllocationExpression correctly
- #332: [java] Future-proof DontImportJavaLangRule
- #340: [vf] Multiple parser bug fixes
- #341: [vf] JSON.parse(..) and NOT(..) are safely evaluated
- #343: [apex] int,id,boolean,ternary operator condition are not injection in Soql
- #344: [apex] ApexCRUDViolationRule: Bug fix for ClassCastException
- #351: [vf] Fixing regression introduced by #341
29-April-2017 - 5.5.7
The PMD team is pleased to announce PMD 5.5.7.
This is a bug fixing release.
Fixed Issues
- General
- #364: [core] Stream closed exception when running through maven
19-April-2017 - 5.5.6
The PMD team is pleased to announce PMD 5.5.6.
This is a bug fixing release.
Fixed Issues
- General
27-March-2017 - 5.5.5
The PMD team is pleased to announce PMD 5.5.5.
Fixed Issues
- general:
- #305: [core] PMD not executing under git bash
- java:
- #309: [java] Parse error on method reference
- java-design
- #274: [java] AccessorMethodGeneration: Method inside static inner class incorrectly reported
- #275: [java] FinalFieldCouldBeStatic: Constant in @interface incorrectly reported as “could be made static”
- #282: [java] UnnecessaryLocalBeforeReturn false positive when cloning Maps
- #291: [java] Improve quality of AccessorClassGeneration
- java-junit:
- #285: [java] JUnitTestsShouldIncludeAssertRule should support @Rule as well as @Test(expected = …)
- java-optimizations:
- #222: [java] UseStringBufferForStringAppends: False Positive with ternary operator
- java-strings:
- #290: [java] InefficientEmptyStringCheck misses String.trim().isEmpty()
External Contributions
- #280: [apex] Support for Aggregate Result in CRUD rules
- #289: [apex] Complex SOQL Crud check bug fixes
- #296: [apex] Adding String.IsNotBlank to the whitelist to prevent False positives
- #303: [java] InefficientEmptyStringCheckRule now reports String.trim().isEmpty()
- #307: [java] Fix false positive with UseStringBufferForStringAppendsRule
- #308: [java] JUnitTestsShouldIncludeAssertRule supports @Rule annotated ExpectedExceptions
25-Februar-2017 - 5.5.4
The PMD team is pleased to announce PMD 5.5.4
New and noteworthy
New Rules
AccessorMethodGeneration (java-design)
When accessing a private field / method from another class, the Java compiler will generate a accessor methods with package-private visibility. This adds overhead, and to the dex method count on Android. This situation can be avoided by changing the visibility of the field / method from private to package-private.
For instance, it would report violations on code such as:
public class OuterClass {
private int counter;
/* package */ int id;
public class InnerClass {
InnerClass() {
OuterClass.this.counter++; // wrong, accessor method will be generated
}
public int getOuterClassId() {
return OuterClass.this.id; // id is package-private, no accessor method needed
}
}
}
This new rule is part of the java-design
ruleset.
Modified Rules
- The Java rule
UnusedModifier
(ruleset java-unusedcode) has been expanded to consider more redundant modifiers.- Annotations marked as
abstract
. - Nested annotations marked as
static
. - Nested annotations within another interface or annotation marked as
public
. - Classes, interfaces or annotations nested within an annotation marked as
public
orstatic
. - Nested enums marked as
static
.
- Annotations marked as
- The Java rule
UnnecessaryLocalBeforeReturn
(ruleset java-design) no longer requires the variable declaration and return statement to be on consecutive lines. Any variable that is used solely in a return statement will be reported.
Fixed Issues
- General
- apex-complexity
- #251: [apex] NCSS Type length is incorrect when using method chaining
- apex-security
- #264: [apex] ApexXSSFromURLParamRule shouldn’t enforce ESAPI usage. String.escapeHtml4 is sufficient.
- java-basic
- #232: [java] SimplifiedTernary: Incorrect ternary operation can be simplified.
- java-coupling
- #270: [java] LoD false positive
- java-design
- #933: [java] UnnecessaryLocalBeforeReturn false positive for SuppressWarnings annotation
- #1496: [java] New Rule: AccesorMethodGeneration - complements accessor class rule
- #216: [java] [doc] NonThreadSafeSingleton: Be more explicit as to why double checked locking is not recommended
- #219: [java] UnnecessaryLocalBeforeReturn: ClassCastException in switch case with local variable returned
- #240: [java] UnnecessaryLocalBeforeReturn: Enhance by checking usages
- java-optimizations
- #215: [java] RedundantFieldInitializer report for annotation field not explicitly marked as final
- java-unusedcode
External Contributions
- #227: [apex] Improving detection of getters
- #228: [apex] Excluding count from CRUD/FLS checks
- #229: [apex] Dynamic SOQL is safe against Integer, Boolean, Double
- #231: [apex] CRUD/FLS rule - add support for fields
- #266: [java] corrected invalid reporting of LoD violation
- #268: [apex] Support safe escaping via String method
- #273: [apex] Shade jackson on apex
28-January-2017 - 5.5.3
The PMD team is pleased to announce PMD 5.5.3
The most significant changes are on analysis performance and a whole new Apex Security Rule Set.
Multithread performance has been enhanced by reducing thread-contention on a bunch of areas. This is still an area of work, as the speedup of running multithreaded analysis is still relatively small (4 threads produce less than a 50% speedup). Future releases will keep improving on this area.
Once again, Symbol Table has been an area of great performance improvements. This time we were able to further improve it’s performance by roughly 10% on all supported languages. In Java in particular, several more improvements were possible, improving Symbol Table performance by a whooping 30%, that’s over 5X faster than PMD 5.5.1, when we first started working on it.
Java developers will also appreciate the revamp of CloneMethodMustImplementCloneable
,
making it over 500X faster, and PreserveStackTrace
which is now 7X faster.
New and noteworthy
Apex Security Rule Set
A new ruleset focused on security has been added, consisting of a wide range of rules to detect most common security problems.
ApexBadCrypto
The rule makes sure you are using randomly generated IVs and keys for Crypto
calls.
Hard-wiring these values greatly compromises the security of encrypted data.
For instance, it would report violations on code such as:
public class without sharing Foo {
Blob hardCodedIV = Blob.valueOf('Hardcoded IV 123');
Blob hardCodedKey = Blob.valueOf('0000000000000000');
Blob data = Blob.valueOf('Data to be encrypted');
Blob encrypted = Crypto.encrypt('AES128', hardCodedKey, hardCodedIV, data);
}
ApexCRUDViolation
The rule validates you are checking for access permissions before a SOQL/SOSL/DML operation. Since Apex runs in system mode not having proper permissions checks results in escalation of privilege and may produce runtime errors. This check forces you to handle such scenarios.
For example, the following code is considered valid:
public class Foo {
public Contact foo(String status, String ID) {
Contact c = [SELECT Status__c FROM Contact WHERE Id=:ID];
// Make sure we can update the database before even trying
if (!Schema.sObjectType.Contact.fields.Name.isUpdateable()) {
return null;
}
c.Status__c = status;
update c;
return c;
}
}
ApexCSRF
Check to avoid making DML operations in Apex class constructor/init method. This prevents modification of the database just by accessing a page.
For instance, the following code would be invalid:
public class Foo {
public init() {
insert data;
}
public Foo() {
insert data;
}
}
ApexDangerousMethods
Checks against calling dangerous methods.
For the time being, it reports:
- Against
FinancialForce
’sConfiguration.disableTriggerCRUDSecurity()
. Disabling CRUD security opens the door to several attacks and requires manual validation, which is unreliable. - Calling
System.debug
passing sensitive data as parameter, which could lead to exposure of private data.
ApexInsecureEndpoint
Checks against accessing endpoints under plain http. You should always use https for security.
ApexOpenRedirect
Checks against redirects to user-controlled locations. This prevents attackers from redirecting users to phishing sites.
For instance, the following code would be reported:
public class without sharing Foo {
String unsafeLocation = ApexPage.getCurrentPage().getParameters.get('url_param');
PageReference page() {
return new PageReference(unsafeLocation);
}
}
ApexSharingViolations
Detect classes declared without explicit sharing mode if DML methods are used. This forces the developer to take access restrictions into account before modifying objects.
ApexSOQLInjection
Detects the usage of untrusted / unescaped variables in DML queries.
For instance, it would report on:
public class Foo {
public void test1(String t1) {
Database.query('SELECT Id FROM Account' + t1);
}
}
ApexSuggestUsingNamedCred
Detects hardcoded credentials used in requests to an endpoint.
You should refrain from hardcoding credentials:
- They are hard to mantain by being mixed in application code
- Particularly hard to update them when used from different classes
- Granting a developer access to the codebase means granting knowledge of credentials, keeping a two-level access is not possible.
- Using different credentials for different environments is troublesome and error-prone.
Instead, you should use Named Credentials and a callout endpoint.
For more information, you can check this
ApexXSSFromEscapeFalse
Reports on calls to addError
with disabled escaping. The message passed to addError
will be displayed directly to the user in the UI, making it prime ground for XSS
attacks if unescaped.
ApexXSSFromURLParam
Makes sure that all values obtained from URL parameters are properly escaped / sanitized to avoid XSS attacks.
Modified Rules
The Java rule “UseLocaleWithCaseConversions” (ruleset java-design) has been modified, to detect calls
to toLowerCase
and to toUpperCase
also within method call chains. This leads to more detected cases
and potentially new false positives.
See also bugfix #1556.
Fixed Issues
- General
- #1511: [core] Inconsistent behavior of Rule.start/Rule.end
- apex-apexunit
- #1543: [apex] ApexUnitTestClassShouldHaveAsserts assumes APEX is case sensitive
- apex-complexity
- #183: [apex] NCSS Method length is incorrect when using method chaining
- java
- #185: [java] CPD runs into NPE when analyzing Lucene
- #206: [java] Parse error on annotation fields with generics
- #207: [java] Parse error on method reference with generics
- #208: [java] Parse error with local class with 2 or more annotations
- #213: [java] CPD: OutOfMemory when analyzing Lucene
- #1542: [java] CPD throws an NPE when parsing enums with -ignore-identifiers
- #1545: [java] Symbol Table fails to resolve inner classes
- java-design
- #1448: [java] ImmutableField: Private field in inner class gives false positive with lambdas
- #1495: [java] UnnecessaryLocalBeforeReturn with assert
- #1552: [java] MissingBreakInSwitch - False positive for continue
- #1556: [java] UseLocaleWithCaseConversions does not works with
ResultSet
(false negative) - #177: [java] SingularField with lambdas as final fields
- java-imports
- java-logging-java
- java-unnecessary
- #199: [java] UselessParentheses: Parentheses in return statement are incorrectly reported as useless
- java-strings
- #202: [java] [doc] ConsecutiveAppendsShouldReuse is not really an optimization
- XML
- #1518: [xml] Error while processing xml file with “.webapp” in the file or directory name
- psql
- #1549: [plsql] Parse error for IS [NOT] NULL construct
- javascript
- #201: [javascript] template strings are not correctly parsed
API Changes
net.sourceforge.pmd.RuleSetFactory
is now immutable and its behavior cannot be changed anymore. It provides constructors to create new adjusted instances. This allows to avoid synchronization in RuleSetFactory. See PR #131.
External Contributions
- #123: [apex] Changing method names to lowercase so casing doesn’t matter
- #129: [plsql] Added correct parse of IS [NOT] NULL and multiline DML
- #137: [apex] Adjusted remediation points
- #146: [apex] Detection of missing Apex CRUD checks for SOQL/DML operations
- #147: [apex] Adding XSS detection to return statements
- #148: [apex] Improving detection of SOQL injection
- #149: [apex] Whitelisting String.isEmpty and casting
- #152: [java] fixes #1552 continue does not require break
- #154: [java] Fix #1547: UnusedImports: Adjust regex to support underscores
- #158: [apex] Reducing FPs in SOQL with VF getter methods
- #160: [apex] Flagging of dangerous method call
- #163: [apex] Flagging of System.debug
- #165: [apex] Improving open redirect rule to avoid test classes/methods
- #167: [apex] GC and thread safety changes
- #169: [apex] Improving detection for DML with inline new object
- #170: [core] Ant Task Formatter encoding issue with XMLRenderer
- #172: [apex] Bug fix, detects both Apex fields and class members
- #175: [apex] ApexXSSFromURLParam: Adding missing casting methods
- #176: [apex] Bug fix for FP: open redirect for strings prefixed with / is safe
- #179: [apex] Legacy test class declaration support
- #181: [apex] Control flow based CRUD rule checking
- #184: [apex] Improving open redirect detection for static fields & assignment operations
- #189: [apex] Bug fix of SOQL concatenated vars detection
- #191: [apex] Detection of sharing violation when Database. methods are used
- #192: [apex] Dead code removal
- #200: [javascript] Templatestring grammar fix
- #204: [apex] Sharing violation SOQL detection bug fix
- #214: [apex] Sharing violation improving reporting of the correct node, de-duping
05-November-2016 - 5.5.2
Summary:
- 1 new language for CPD: Groovy
- 1 new rule: plsql-strictsyntax/MisplacedPragma
- 12 pull requests
- 17 bug fixes
New Supported Languages:
- CPD now supports Groovy. See PR#107.
Feature Requests and Improvements:
- plsql
- #1539: [plsql] Create new rule for strict syntax checking: MisplacedPragma
New Rules:
- New Rules for plsql
- plsql-strictsyntax: MisplacedPragma
Pull Requests:
- #106: [java] CPD: Keep constructor names under ignoreIdentifiers
- #107: [groovy] Initial support for CPD Groovy
- #110: [java] Fix parser error (issue 1530)
- #111: [java] Fix BooleanInstantiationRule for Java 8
- #112: [java] Fix ClassCastException on CloneMethodMustImplementCloneable
- #113: [java] Fix ClassCastException on SignatureDeclareThrowsException
- #114: [core] Remove multihreading workaround for JRE5, as no PMD version supports running on JRE5 anymore
- #115: [java] Simplify lambda parsing
- #116: [core] [java] Improve collection usage
- #117: [java] Improve symboltable performance
- #118: [java] Simplify VariableDeclaratorId parsing
- #119: [plsql] Fix PMD issue 1531- endless loop followed by OOM while parsing (PL)SQL
Bugfixes:
- apex-apexunit
- #1521: [apex] ApexUnitTestClassShouldHaveAsserts: Parsing error on APEX class: expected one element but was: <BlockStatement, BlockStatement>
- Java
- java-basic/BooleanInstantiation
- #1533: [java] BooleanInstantiation: ClassCastException with Annotation
- java-comments
- #1522: [java] CommentRequired: false positive
- java-design/SingularField
- #1494: [java] SingularField: lombok.Data false positive
- java-imports/UnusedImports
- #1529: [java] UnusedImports: The created rule violation has no class name
- java-logging-java
- java-typeresolution/CloneMethodMustImplementCloneable
- java-typeresolution/SignatureDeclareThrowsException
- #1535: [java] SignatureDeclareThrowsException: ClassCastException with Annotation
- PLSQL
- General
27-July-2016 - 5.5.1
New Rules:
- New rules for Salesforce.com Apex:
- apex-apexunit: ApexUnitTestClassShouldHaveAsserts, ApexUnitTestShouldNotUseSeeAllDataTrue
Pull Requests:
- #101: [java] Improve multithreading performance: do not lock on classloader
- #102: [apex] Restrict AvoidLogicInTrigger rule to max. 1 violation per file
- #103: [java] [apex] Fix for 1501: CyclomaticComplexity rule causes OOM when class reporting is disabled
- #104: [core] [java] Close opened file handles
- apex #43: [apex] Basic apex unit test rules
Bugfixes:
- Apex
- #1501: [java] [apex] CyclomaticComplexity rule causes OOM when class reporting is disabled
- Java
- #1501: [java] [apex] CyclomaticComplexity rule causes OOM when class reporting is disabled
- General
25-June-2016 - 5.5.0
System requirements:
PMD and CPD need at least a java7 runtime environment. For analyzing Salesforce.com Apex source code, you’ll need a java8 runtime environment.
New Supported Languages:
- Salesforce.com Apex is now supported by PMD and CPD. See PR#86.
- CPD now supports Perl. See PR#82.
- CPD now supports Swift. See PR#33.
New and modified Rules:
- New rules in Java:
- java-logging-java/InvalidSlf4jMessageFormat: Check for invalid message format in slf4j loggers. See PR#73.
- java-design/ConstantsInInterface: Avoid constants in interfaces. Interfaces should define types, constants are implementation details better placed in classes or enums. See Effective Java, item 19. See PR#93.
- Modified rules in Java:
- java-comments/CommentRequired: New property
serialVersionUIDCommentRequired
which controls the comment requirements for serialVersionUID fields. By default, no comment is required for this field. - java-design/UseVargs: public static void main method is ignored now and so are methods, that are annotated with Override. See PR#79.
- java-comments/CommentRequired: New property
- New rules for Salesforce.com Apex:
- apex-complexity: AvoidDeeplyNestedIfStmts, ExcessiveParameterList, ExcessiveClassLength, NcssMethodCount, NcssTypeCount, NcssConstructorCount, StdCyclomaticComplexity, TooManyFields, ExcessivePublicCount
- apex-performance: AvoidDmlStatementsInLoops, AvoidSoqlInLoops
- apex-style: VariableNamingConventions, MethodNamingConventions, ClassNamingConventions, MethodWithSameNameAsEnclosingClass, AvoidLogicInTrigger, AvoidGlobalModifier
- Javascript
- New Rule: ecmascript-unnecessary/NoElseReturn: The else block in a if-else-construct is
unnecessary if the
if
block contains a return. Then the content of the else block can be put outside. See #1486.
- New Rule: ecmascript-unnecessary/NoElseReturn: The else block in a if-else-construct is
unnecessary if the
Improvements and CLI changes:
- A JSON-renderer for PMD which is compatible with CodeClimate. See PR#83.
- #1360: [core] [java] Provide backwards compatibility for PMD configuration file
- CPD: If a complete filename is specified, the language dependent filename filter is not applied. This allows to scan files, that are not using the standard file extension. If a directory is specified, the filename filter is still applied and only those files with the correct file extension of the language are scanned.
- CPD: If no problems found, an empty report will be output instead of nothing. See also #1481
- CPD: New command line parameter
--ignore-usings
: Ignore using directives in C# when comparing text. - PMD: New command line parameter:
-norulesetcompatibility
- this disables the ruleset factory compatibility filter and fails, if e.g. an old rule name is used in the ruleset. See also #1360. This option is also available for the ant task:<noRuleSetCompatibility>true</noRuleSetCompatibility>
. - PMD: New command line parameter:
-filelist
- this provides an alternative way to define, which files should be process by PMD. With this option, you can provide the path to a single file containing a comma delimited list of files to analyze. If this is given, then you don’t need to provide-dir
. See PR#98.
Pull Requests:
- #25: [cs] Added option to exclude C# using directives from CPD analysis
- #27: [cpp] Added support for Raw String Literals (C++11).
- [#29)(https://github.com/adangel/pmd/pull/29): [jsp] Added support for files with UTF-8 BOM to JSP tokenizer.
- #30: [core] CPD: Removed file filter for files that are explicitly specified on the CPD command line using the ‘–files’ command line option.
- #31: [core] CPD: Added file encoding detection to CPD.
- #32: [objectivec] Extended Objective-C grammar to accept UTF-8 escapes (\uXXXX) in string literals.
- #33: [swift] Added support for Swift to CPD.
- #34: multiple code improvements: squid:S1192, squid:S1118, squid:S1066, squid:S1854, squid:S2864
- #35: [javascript] Javascript tokenizer now ignores comment tokens.
- #72: [java] [jsp] Added capability in Java and JSP parser for tracking tokens.
- #73: [java] InvalidSlf4jMessageFormat: Add rule to look for invalid message format in slf4j loggers
- #74: [java] CommentDefaultAccessModifier: Fix rendering CommentDefaultAccessModifier description as code
- #75: [core] RuleSetFactory Performance Enhancement
- #76: [java] DoNotCallGarbageCollectionExplicitly: fix formatting typos in an example
- #77: [java] [plsql] Fix various typos
- #78: [java] MissingStaticMethodInNonInstantiatableClass: Add Builder pattern check
- #79: [java] UseVarargs: do not flag public static void main(String[]), ignore @Override
- #80: [site] Update mvn-plugin.md
- #82: [perl] Add Perl support to CPD.
- #83: [core] CodeClimateRenderer: Adds new Code Climate-compliant JSON renderer
- #84: [java] EmptyMethodInAbstractClassShouldBeAbstract: Change rule’s description.
- #85: [java] UseStringBufferForStringAppends: False Positive with Ternary Operator (#1340)
- #86: [apex] Added language module for Salesforce.com Apex incl. rules ported from Java and new ones.
- #87: [core] [apex] Customize Code Climate Json “categories” + “remediation_points” as PMD rule properties
- #88: [core] [apex] Fixed typo in ruleset.xml and problems with the CodeClimate renderer
- #89: [core] Some code enhancements
- #90: [core] Refactored two test to stop using the deprecated ant class BuildFileTest
- #91: [core] [java] [jsp] [plsql] [test] [vm] Small code enhancements, basically reordering variable declarations, constructors and variable modifiers
- #92: [core] [apex] Improved Code Climate Renderer Output and a Bugfix for Apex StdCyclomaticComplexityRule on triggers
- #93: [java] ConstantsInInterface: Add ConstantsInInterface rule. Effective Java, 19
- #94: [core] [apex] Added property, fixed code climate renderer output and deleted unused rulessets
- #95: [apex] AvoidDmlStatementsInLoops: New apex rule AvoidDmlStatementsInLoops
- #96: [core] CodeClimateRenderer: Clean up Code Climate renderer
- #97: [java] BooleanGetMethodName: Don’t report bad method names on @Override
- #98: [core] PMD: Input filelist parameter
- #99: [apex] Fixed Trigger name is reported incorrectly
- #100: [core] CSVRenderer: escape filenames with commas in csvrenderer
Bugfixes:
- java-basic
- java-codesize
- #1457: [java] TooManyMethods: counts inner class methods
- java-comments
- java-controversial
- #1449: [java] AvoidUsingShortType: false positive when casting a variable to short
- java-design
- java-finalizers
- #1440: [java] AvoidCallingFinalize: NPE
- java-imports
- java-junit
- java-migrating
- #1446: [java] JUnit4TestShouldUseBeforeAnnotation: False positive when TestNG is used
- java-naming
- #1431: [java] SuspiciousEqualsMethodName: false positive
- java-optimizations
- java-sunsecure
- java-unnecessary
- java-unusedcode
- #1456: [java] UnusedFormalParameter: should ignore overriding methods
- #1484: [java] UnusedLocalVariable: false positive - parenthesis
- #1480: [java] UnusedModifier: false positive on public modifier used with inner interface in enum
- #1428: [java] UnusedPrivateField: False positive when local variable hides member variable hides member variable
- General
- #1425: [core] XMLRenderer: Invalid XML Characters in Output
- #1429: [java] Parser Error: Cast in return expression
- #1441: [site] PMD: Update documentation how to compile after modularization
- #1442: [java] PDMASMClassLoader: Java 9 Jigsaw readiness
- #1455: [java] Parser: PMD doesn’t handle Java 8 explicit receiver parameters
- #1458: [xml] Performance degradation scanning large XML files with XPath custom rules
- #1461: [core] RuleSetFactory: Possible threading issue due to PR#75
- #1470: [java] Parser: Error with type-bound lambda
- #1478: [core] PMD CLI: Use first language as default if Java is not available
- #1481: [core] CPD: no problems found results in blank file instead of empty xml
- #1485: [apex] Analysis of some apex classes cause a stackoverflow error
- #1488: [apex] Windows line endings falsify the location of issues
- #1491: [core] CodeClimateRenderer: corrupt JSON output with real line breaks
- #1492: [core] PMD CLI: IncompatibleClassChangeError when running PMD
27-March-2017 - 5.4.6
The PMD team is pleased to announce PMD 5.4.6.
This is a bug fixing release.
Table Of Contents
Fixed Issues
- general:
- #305: [core] PMD not executing under git bash
- java:
- #309: [java] Parse error on method reference
- java-design:
- #275: [java] FinalFieldCouldBeStatic: Constant in @interface incorrectly reported as “could be made static”
- java-junit:
- #285: [java] JUnitTestsShouldIncludeAssertRule should support @Rule as well as @Test(expected = …)
- java-optimizations:
- #222: [java] UseStringBufferForStringAppends: False Positive with ternary operator
- java-strings:
- #290: [java] InefficientEmptyStringCheck misses String.trim().isEmpty()
External Contributions
- #303: [java] InefficientEmptyStringCheckRule now reports String.trim().isEmpty()
- #307: [java] Fix false positive with UseStringBufferForStringAppendsRule
- #308: [java] JUnitTestsShouldIncludeAssertRule supports @Rule annotated ExpectedExceptions
25-Februar-2017 - 5.4.5
The PMD team is pleased to announce PMD 5.4.5
This is a bug fixing release.
Table Of Contents
New and noteworthy
Modified Rules
- The Java rule
UnusedModifier
(ruleset java-unusedcode) has been expanded to consider more redundant modifiers.- Annotations marked as
abstract
. - Nested annotations marked as
static
. - Nested annotations within another interface or annotation marked as
public
. - Classes, interfaces or annotations nested within an annotation marked as
public
orstatic
. - Nested enums marked as
static
.
- Annotations marked as
Fixed Issues
- general
- java-basic
- #232: [java] SimplifiedTernary: Incorrect ternary operation can be simplified.
- java-coupling
- #270: [java] LoD false positive
- java-design
- java-optimizations
- #215: [java] RedundantFieldInitializer report for annotation field not explicitly marked as final
- java-unusedcode
External Contributions
- #266: [java] corrected invalid reporting of LoD violation
28-January-2017 - 5.4.4
The PMD team is pleased to announce PMD 5.4.4
This is a bug fixing release. The most significant changes are on analysis performance.
Multithread performance has been enhanced by reducing thread-contention on a bunch of areas. This is still an area of work, as the speedup of running multithreaded analysis is still relatively small (4 threads produce less than a 50% speedup). Future releases will keep improving on this area.
Once again, Symbol Table has been an area of great performance improvements. This time we were able to further improve it’s performance by roughly 10% on all supported languages. In Java in particular, several more improvements were possible, improving Symbol Table performance by a whooping 30%, that’s over 5X faster than PMD 5.4.2, when we first started working on it.
Java developers will also appreciate the revamp of CloneMethodMustImplementCloneable
,
making it over 500X faster, and PreserveStackTrace
which is now 7X faster.
New and noteworthy
This is a bug fixing release, no major changes were introduced.
Modified Rules
The Java rule “UseLocaleWithCaseConversions” (ruleset java-design) has been modified, to detect calls
to toLowerCase
and to toUpperCase
also within method call chains. This leads to more detected cases
and potentially new false positives.
See also bugfix #1556.
Fixed Issues
- java
- java-design
- #1448: [java] ImmutableField: Private field in inner class gives false positive with lambdas
- #1495: [java] UnnecessaryLocalBeforeReturn with assert
- #1552: [java] MissingBreakInSwitch - False positive for continue
- #1556: [java] UseLocaleWithCaseConversions does not works with
ResultSet
(false negative) - #177: [java] SingularField with lambdas as final fields
- java-imports
- java-unnecessary
- #199: [java] UselessParentheses: Parentheses in return statement are incorrectly reported as useless
- java-strings
- #202: [java] [doc] ConsecutiveAppendsShouldReuse is not really an optimization
- XML
- #1518: [xml] Error while processing xml file with “.webapp” in the file or directory name
- psql
- #1549: [plsql] Parse error for IS [NOT] NULL construct
- javascript
- #201: [javascript] template strings are not correctly parsed
- General
- #1511: [core] Inconsistent behavior of Rule.start/Rule.end
External Contributions
- #129: [plsql] Added correct parse of IS [NOT] NULL and multiline DML
- #152: [java] fixes #1552 continue does not require break
- #154: [java] Fix #1547: UnusedImports: Adjust regex to support underscores
- #170: [core] Ant Task Formatter encoding issue with XMLRenderer
- #200: [javascript] Templatestring grammar fix
04-November-2016 - 5.4.3
Summary:
- 7 pull requests
- 16 bug fixes
Pull Requests:
- #35: [javascript] Javascript tokenizer now ignores comment tokens.
- #103: [java] Fix for 1501: CyclomaticComplexity rule causes OOM when class reporting is disabled
- #110: [java] Fix parser error (issue 1530)
- #111: [java] Fix BooleanInstantiationRule for Java 8
- #112: [java] Fix ClassCastException on CloneMethodMustImplementCloneable
- #113: [java] Fix ClassCastException on SignatureDeclareThrowsException
- #119: [plsql] Fix PMD issue 1531- endless loop followed by OOM while parsing (PL)SQL
Bugfixes:
- Java
- java-basic/BooleanInstantiation
- #1533: [java] BooleanInstantiation: ClassCastException with Annotation
- java-comments
- #1522: [java] CommentRequired: false positive
- java-design/SingularField
- #1494: [java] SingularField: lombok.Data false positive
- java-imports/UnusedImports
- #1529: [java] UnusedImports: The created rule violation has no class name
- java-typeresolution/CloneMethodMustImplementCloneable
- java-typeresolution/SignatureDeclareThrowsException
- #1535: [java] SignatureDeclareThrowsException: ClassCastException with Annotation
- PLSQL
- General
29-May-2016 - 5.4.2
New Supported Languages:
- CPD supports now Swift (see PR#33).
Feature Request and Improvements:
- A JSON-renderer for PMD which is compatible with CodeClimate. See PR#83.
- #1360: Provide backwards compatibility for PMD configuration file
Modified Rules:
- java-design/UseVargs: public static void main method is ignored now and so are methods, that are annotated with Override. See PR#79.
Pull Requests:
- #27: Added support for Raw String Literals (C++11).
- #29: Added support for files with UTF-8 BOM to JSP tokenizer.
- #30: Removed file filter for files that are explicitly specified on the CPD command line using the ‘–files’ command line option.
- #31: Added file encoding detection to CPD.
- #32: Extended Objective-C grammar to accept UTF-8 escapes (\uXXXX) in string literals.
- #33: Added support for Swift to CPD.
- #79: do not flag public static void main(String[]) as UseVarargs; ignore @Override for UseVarargs
- #80: Update mvn-plugin.md
- #83: Adds new Code Climate-compliant JSON renderer
- #85: #1340 UseStringBufferForStringAppends False Positive with Ternary Operator
Bugfixes:
- java-basic/DoubleCheckedLocking:
- #1471: False positives for DoubleCheckedLocking
- java-basic/SimplifiedTernary:
- #1424: False positive with ternary operator
- java-codesize/TooManyMethods:
- #1457: TooManyMethods counts inner class methods
- java-controversial/AvoidUsingShortType:
- #1449: false positive when casting a variable to short
- java-design/AccessorClassGeneration:
- #1452: ArrayIndexOutOfBoundsException with Annotations for AccessorClassGenerationRule
- java-design/CloseResource
- #1479: CloseResource false positive on Statement
- java-design/UseUtilityClass:
- #1467: UseUtilityClass can’t correctly check functions with multiple annotations
- java-imports/UnusedImports:
- #1465: False Positve UnusedImports with javadoc @link
- java-junit/TestClassWithoutTestCases:
- #1453: Test Class Without Test Cases gives false positive
- java-optimizations/UseStringBufferForStringAppends:
- #1340: UseStringBufferForStringAppends False Positive with ternary operator
- java-sunsecure/ArrayIsStoredDirectly:
- java-unnecessary/UnnecessaryFinalModifier:
- #1464: UnnecessaryFinalModifier false positive on a @SafeVarargs method
- java-unusedcode/UnusedFormalParameter:
- #1456: UnusedFormalParameter should ignore overriding methods
- java-unusedcode/UnusedLocalVariable
- #1484: UnusedLocalVariable - false positive - parenthesis
- java-unusedcode/UnusedModifier
- #1480: false positive on public modifier used with inner interface in enum
- General
CLI Changes:
- CPD: If a complete filename is specified, the language dependent filename filter is not applied. This allows to scan files, that are not using the standard file extension. If a directory is specified, the filename filter is still applied and only those files with the correct file extension of the language are scanned.
- CPD: If no problems found, an empty report will be output instead of nothing. See also #1481
- New command line parameter for PMD:
-norulesetcompatibility
- this disables the ruleset factory compatibility filter and fails, if e.g. an old rule name is used in the ruleset. See also #1360. This option is also available for the ant task:<noRuleSetCompatibility>true</noRuleSetCompatibility>
.
04-December-2015 - 5.4.1
Feature Request and Improvements:
- CPD: New command line parameter
--ignore-usings
: Ignore using directives in C# when comparing text.
Modified Rules:
- java-comments/CommentRequired: New property
serialVersionUIDCommentRequired
which controls the comment requirements for serialVersionUID fields. By default, no comment is required for this field.
Pull Requests:
- #25: Added option to exclude C# using directives from CPD analysis
- #72: Added capability in Java and JSP parser for tracking tokens.
- #74: Fix rendering CommentDefaultAccessModifier description as code
- #75: RuleSetFactory Performance Enhancement
Bugfixes:
- java-comments/CommentDefaultAccessModifier
- #1430: CommentDefaultAccessModifier triggers on field annotated with @VisibleForTesting
- java-comments/CommentRequired
- #1434: CommentRequired raises violation on serialVersionUID field
- java-design/UseNotifyAllInsteadOfNotify
- #1438: UseNotifyAllInsteadOfNotify gives false positive
- java-finalizers/AvoidCallingFinalize
- #1440: NPE in AvoidCallingFinalize
- java-imports/UnnecessaryFullyQualifiedName
- #1436: UnnecessaryFullyQualifiedName false positive on clashing static imports with enums
- java-junit/JUnitAssertionsShouldIncludeMessage
- #1373: JUnitAssertionsShouldIncludeMessage is no longer compatible with TestNG
- java-migrating/JUnit4TestShouldUseBeforeAnnotation
- #1446: False positive with JUnit4TestShouldUseBeforeAnnotation when TestNG is used
- java-naming/SuspiciousEqualsMethodName
- #1431: SuspiciousEqualsMethodName false positive
- java-optimizations/RedundantFieldInitializer
- #1443: RedundantFieldInitializer: False positive for small floats
- java-unnecessary/UselessQualifiedThis
- #1422: UselessQualifiedThis: False positive with Java 8 Function
- java-unusedcode/UnusedPrivateField
- #1428: False positive in UnusedPrivateField when local variable hides member variable
- General
04-October-2015 - 5.4.0
Summary:
- 9 new rules
- 4 features requests
- 18 pull requests
Feature Request and Improvements:
- #1344: AbstractNaming should check reverse
- #1361: ShortVariable and ShortMethodName configuration
- #1414: Command line parameter to disable “failOnViolation” behavior
PMD and CPD Command Line Interfaces have a new optional parameter:
failOnViolation
. Executing PMD with the option-failOnViolation false
will perform the PMD checks but won’t fail the build and still exit with status 0. This is useful if you only want to generate the report with violations but don’t want to fail your build. - #1420: UnusedPrivateField: Ignore fields if using lombok
New Rules:
-
Java:
-
Basic: SimplifiedTernary (rulesets/java/basic.xml/SimplifiedTernary)
Ternary operator with a boolean literal can be simplified with a boolean expression. -
Clone: CloneMethodMustBePublic (rulesets/java/clone.xml/CloneMethodMustBePublic)
The java manual says “By convention, classes that implement theCloneable
interface should overrideObject.clone
(which is protected) with a public method.” -
Clone: CloneMethodReturnTypeMustMatchClassName (rulesets/java/clone.xml/CloneMethodReturnTypeMustMatchClassName)
If a class implementsCloneable
the return type of the methodclone()
must be the class name. -
Comments: CommentDefaultAccessModifier (rulesets/java/comments.xml/CommentDefaultAccessModifier)
In order to avoid mistakes with forgotten access modifiers for methods, this rule ensures, that you explicitly mark the usage of the default access modifier by placing a comment. -
Design: SingletonClassReturningNewInstance (rulesets/java/design.xml/SingletonClassReturningNewInstance)
Verifies that the method calledgetInstance
returns a cached instance and not always a fresh, new instance. -
Design: SingleMethodRule (rulesets/java/design.xml/SingleMethodSingletonRule)
Verifies that there is only one method calledgetInstance
. If there are more methods that return the singleton, then it can easily happen, that these are not the same instances - and thus no singleton. -
Unnecessary: UselessQualifiedThis (rulesets/java/unnecessary.xml/UselessQualifiedThis)
Flags unnecessary qualified usages of this, whenthis
alone would be unique. E.g. use justthis
instead ofFoo.this
.
-
-
Maven POM: (The rules can be found in the pmd-xml module)
-
Basic: ProjectVersionAsDependencyVersion (rulesets/pom/basic.xml/ProjectVersionAsDependencyVersion)
Checks the usage of${project.version}
in Maven POM files. -
Basic: InvalidDependencyTypes (rulesets/pom/basic.xml/InvalidDependencyTypes)
Verifies that only the default types (jar, war, …) for dependencies are used.
-
Ruleset snippet to activate the new rules:
<rule ref="rulesets/java/basic.xml/SimplifiedTernary"/>
<rule ref="rulesets/java/clone.xml/CloneMethodReturnTypeMustMatchClassName"/>
<rule ref="rulesets/java/clone.xml/CloneMethodMustBePublic"/>
<rule ref="rulesets/java/comments.xml/CommentDefaultAccessModifier"/>
<rule ref="rulesets/java/design.xml/SingleMethodSingleton"/>
<rule ref="rulesets/java/design.xml/SingletonClassReturningNewInstance"/>
<rule ref="rulesets/java/unnecessary.xml/UselessQualifiedThis"/>
<rule ref="rulesets/pom/basic.xml/ProjectVersionAsDependencyVersion"/>
<rule ref="rulesets/pom/basic.xml/InvalidDependencyTypes"/>
Modified Rules:
-
Java
-
Basic: CheckResultSet (rulesets/java/basic.xml/CheckResultSet)
Do not require to check the result of a navigation method, if it is returned. -
JUnit: UseAssertTrueInsteadOfAssertEquals (rulesets/java/junit.xml/UseAssertTrueInsteadOfAssertEquals)
This rule also flags assertEquals, that use Boolean.TRUE/FALSE constants. -
Naming: AbstractNaming (rulesets/java/naming.xml/AbstractNaming)
By default, this rule flags now classes, that are named “Abstract” but are not abstract. This behavior can be disabled by setting the new propertystrict
to false. -
Naming: ShortMethodName (rulesets/java/naming.xml/ShortMethodName)
Additional propertyminimum
to configure the minimum required length of a method name. -
Naming: ShortVariable (rulesets/java/naming.xml/ShortVariable)
Additional propertyminimum
to configure the minimum required length of a variable name. -
UnusedCode: UnusedPrivateField (rulesets/java/unusedcode.xml/UnusedPrivateField)
This rule won’t trigger anymore if Lombok is in use. See #1420.
-
Renamed Rules:
- Java
Removed Rules:
- Java
-
Basic: The following rules of ruleset “Basic” were marked as deprecated and are removed with this release now:
EmptyCatchBlock, EmptyIfStatement, EmptyWhileStmt, EmptyTryBlock, EmptyFinallyBlock, EmptySwitchStatements, EmptySynchronizedBlock, EmptyStatementNotInLoop, EmptyInitializer, EmptyStatementBlock, EmptyStaticInitializer
UnnecessaryConversionTemporary, UnnecessaryReturn, UnnecessaryFinalModifier, UselessOverridingMethod, UselessOperationOnImmutable, UnusedNullCheckInEquals, UselessParentheses
These rules are still available in the rulesets “Empty” (rulesets/java/empty.xml) and “Unnecessary” (rulesets/java/unnecessary.xml) respectively. -
Design: The rule “UncommentedEmptyMethod” has been renamed last release to “UncommentedEmptyMethodBody”. The old rule name reference has been removed with this release now.
-
Controversial: The rule “BooleanInversion” has been deprecated last release and has been removed with this release completely.
-
Pull Requests:
- #21: Added PMD Rules for Singleton pattern violations.
- #23: Extended Objective-C grammar to accept Unicode characters in identifiers
- #54: Add a new rulesets for Maven’s POM rules
- #55: Fix run.sh for paths with spaces
- #56: Adding support for WSDL rules
- #57: Add default access modifier as comment rule
- #58: Add rule for unnecessary literal boolean in ternary operators
- #59: Add check to Boxed booleans in UseAssertTrueInsteadOfAssertEquals rule
- #60: Add UselessQualifiedThisRule
- #61: Add CloneMethodReturnTypeMustMatchClassName rule
- #62: Add CloneMethodMustBePublic rule
- #63: Change CheckResultSet to allow for the result of the navigation methods to be returned
- #65: Fix ClassCastException in UselessOverridingMethodRule.
- #66: #1370 ConsecutiveAppendsShouldReuse not detected properly on StringBuffer
- #67: Use Path instead of string to check file exclusions to fix windows-only bug
- #68: #1370 ConsecutiveAppendsShouldReuse not detected properly on StringBuffer
- #69: #1371 InsufficientStringBufferDeclaration not detected properly on StringBuffer
- #70: Fix code example
Bugfixes:
- java-unusedcode/UnusedPrivateMethod:
- #1412: UnusedPrivateMethod false positive: Issue #1403 not completely solved
API Changes:
-
pmd requires now JDK 1.7 or above.
-
pmd-core:
net.sourceforge.pmd.lang.symboltable.Scope
:The method
addNameOccurrence
returns now a Set of NameDeclarations to which the given occurrence has been added. This is useful in case there are ambiguous declarations of methods. -
pmd-core:
net.sourceforge.pmd.lang.symboltable.AbstractScope
:The method
findVariableHere
returns now a Set of NameDeclarations which match the given occurrence. This is useful in case there are ambiguous declarations of methods.
04-November-2016 - 5.3.8
Summary
- 1 feature requests
- 6 pull requests
- 17 bug fixes
Feature Requests and Improvements:
- #1360: [core] [java] Provide backwards compatibility for PMD configuration file
Pull Requests:
- #35: [javascript] Javascript tokenizer now ignores comment tokens.
- #103: [java] Fix for 1501: CyclomaticComplexity rule causes OOM when class reporting is disabled
- #111: [java] Fix BooleanInstantiationRule for Java 8
- #112: [java] Fix ClassCastException on CloneMethodMustImplementCloneable
- #113: [java] Fix ClassCastException on SignatureDeclareThrowsException
- #119: [plsql] Fix PMD issue 1531- endless loop followed by OOM while parsing (PL)SQL
Bugfixes:
- java
- #1501: [java] [apex] CyclomaticComplexity rule causes OOM when class reporting is disabled
- java-basic/BooleanInstantiation
- #1533: [java] BooleanInstantiation: ClassCastException with Annotation
- java-comments
- #1522: [java] CommentRequired: false positive
- java-design/CloseResource
- #1479: [java] CloseResource: false positive on Statement
- java-imports/UnusedImports
- #1529: [java] UnusedImports: The created rule violation has no class name
- java-typeresolution/CloneMethodMustImplementCloneable
- java-typeresolution/SignatureDeclareThrowsException
- #1535: [java] SignatureDeclareThrowsException: ClassCastException with Annotation
- java-unusedcode/UnusedLocalVariable
- #1484: [java] UnusedLocalVariable: false positive - parenthesis
- java-unusedcode/UnusedModifier
- #1480: [java] UnusedModifier: false positive on public modifier used with inner interface in enum
- plsql
- General
API Changes:
- New command line parameter for PMD:
-norulesetcompatibility
- this disables the ruleset factory compatibility filter and fails, if e.g. an old rule name is used in the ruleset. See also #1360. This option is also available for the ant task:<noRuleSetCompatibility>true</noRuleSetCompatibility>
. - CPD: If no problems found, an empty report will be output instead of nothing. See also #1481
30-April-2016 - 5.3.7
New Supported Languages:
- CPD supports now Swift (see PR#33).
Feature Request and Improvements:
- A JSON-renderer for PMD which is compatible with CodeClimate. See PR#83.
Modified Rules:
- java-design/UseVargs: public static void main method is ignored now and so are methods, that are annotated with Override. See PR#79.
Pull Requests:
- #27: Added support for Raw String Literals (C++11).
- #29: Added support for files with UTF-8 BOM to JSP tokenizer.
- #30: Removed file filter for files that are explicitly specified on the CPD command line using the ‘–files’ command line option.
- #31: Added file encoding detection to CPD.
- #32: Extended Objective-C grammar to accept UTF-8 escapes (\uXXXX) in string literals.
- #33: Added support for Swift to CPD.
- #79: do not flag public static void main(String[]) as UseVarargs; ignore @Override for UseVarargs
- #80: Update mvn-plugin.md
- #83: Adds new Code Climate-compliant JSON renderer
- #85: #1340 UseStringBufferForStringAppends False Positive with Ternary Operator
Bugfixes:
- java-basic/DoubleCheckedLocking:
- #1471: False positives for DoubleCheckedLocking
- java-codesize/TooManyMethods:
- #1457: TooManyMethods counts inner class methods
- java-controversial/AvoidUsingShortType:
- #1449: false positive when casting a variable to short
- java-design/AccessorClassGeneration:
- #1452: ArrayIndexOutOfBoundsException with Annotations for AccessorClassGenerationRule
- java-design/UseUtilityClass:
- #1467: UseUtilityClass can’t correctly check functions with multiple annotations
- java-imports/UnusedImports:
- #1465: False Positve UnusedImports with javadoc @link
- java-junit/TestClassWithoutTestCases:
- #1453: Test Class Without Test Cases gives false positive
- java-optimizations/UseStringBufferForStringAppends:
- #1340: UseStringBufferForStringAppends False Positive with ternary operator
- java-sunsecure/ArrayIsStoredDirectly:
- java-unnecessary/UnnecessaryFinalModifier:
- #1464: UnnecessaryFinalModifier false positive on a @SafeVarargs method
- java-unusedcode/UnusedFormalParameter:
- #1456: UnusedFormalParameter should ignore overriding methods
- General
CLI Changes:
- CPD: If a complete filename is specified, the language dependent filename filter is not applied. This allows to scan files, that are not using the standard file extension. If a directory is specified, the filename filter is still applied and only those files with the correct file extension of the language are scanned.
04-December-2015 - 5.3.6
Feature Request and Improvements:
- CPD: New command line parameter
--ignore-usings
: Ignore using directives in C# when comparing text.
Modified Rules:
- java-comments/CommentRequired: New property
serialVersionUIDCommentRequired
which controls the comment requirements for serialVersionUID fields. By default, no comment is required for this field.
Pull Requests:
- #25: Added option to exclude C# using directives from CPD analysis
- Note: This also contains the fix from #23
- #72: Added capability in Java and JSP parser for tracking tokens.
- #75: RuleSetFactory Performance Enhancement
Bugfixes:
- java-comments/CommentRequired
- #1434: CommentRequired raises violation on serialVersionUID field
- java-design/UseNotifyAllInsteadOfNotify
- #1438: UseNotifyAllInsteadOfNotify gives false positive
- java-finalizers/AvoidCallingFinalize
- #1440: NPE in AvoidCallingFinalize
- java-imports/UnnecessaryFullyQualifiedName
- #1436: UnnecessaryFullyQualifiedName false positive on clashing static imports with enums
- java-junit/JUnitAssertionsShouldIncludeMessage
- #1373: JUnitAssertionsShouldIncludeMessage is no longer compatible with TestNG
- java-migrating/JUnit4TestShouldUseBeforeAnnotation
- #1446: False positive with JUnit4TestShouldUseBeforeAnnotation when TestNG is used
- java-naming/SuspiciousEqualsMethodName
- #1431: SuspiciousEqualsMethodName false positive
- java-optimizations/RedundantFieldInitializer
- #1443: RedundantFieldInitializer: False positive for small floats
- java-unusedcode/UnusedPrivateField
- #1428: False positive in UnusedPrivateField when local variable hides member variable
- General
04-October-2015 - 5.3.5
Modified Rules:
- java-design/CloseResource: New Property closeAsDefaultTarget which is true by default to stay
backwards compatible. If this property is true, the rule will make sure, that
close
itself is always considered as a closeTarget - no matter whether it is configured with the closeTargets property or not.
Pull Requests:
- #71: #1410 Improve description of DefaultPackage rule
Bugfixes:
- java-controversial/DefaultPackage:
- #1410: DefaultPackage triggers on field annotated with @VisibleForTesting
- java-design/CloseResource:
- #1387: CloseResource has false positive for ResultSet
- java-optimizations/RedundantFieldInitializer
- #1418: RedundantFieldInitializer false positive with large long value
- java-strings/InsufficientStringBufferDeclaration:
- java-unnecessary/UselessParentheses:
- #1407: UselessParentheses “&” and “+” operator precedence
18-September-2015 - 5.3.4
Bugfixes:
- #1370: ConsecutiveAppendsShouldReuse not detected properly on StringBuffer
- #1371: InsufficientStringBufferDeclaration not detected properly on StringBuffer
- #1380: InsufficientStringBufferDeclaration false positive when literal string passed to a lookup service
- #1384: NullPointerException in ConsecutiveLiteralAppendsRule
- #1388: ConstructorCallsOverridableMethodRule doesn’t work with params?
- #1392: SimplifyStartsWith false-negative
- #1393: PMD hanging during DataflowAnomalyAnalysis
- #1394: dogfood.xml - Unable to exclude rules [UncommentedEmptyMethod]
- #1395: UnusedPrivateMethod false positive for array element method call
- #1396: PrematureDeclaration lambda false positive
- #1397: StringToString should ignore method references
- #1398: False positive for GuardLogStatementJavaUtil with Log4j
- #1399: False positive for VariableNamingConventions with annotation @interface
- #1400: False positive with JUnit4TestShouldUseBeforeAnnotation
- #1401: False positive for StringBuilder.append called with constructor
- #1402: Windows-Only: File exclusions are not case insensitive
- #1403: False positive UnusedPrivateMethod with JAVA8
- #1404: Java8 ‘Unnecessary use of fully qualified name’ in Streams Collector
- #1405: UnusedPrivateMethod false positive?
25-July-2015 - 5.3.3
Pull Requests:
- #55: Fix run.sh for paths with spaces
Bugfixes:
- #1364: FieldDeclarationsShouldBeAtStartOfClass false positive using multiple annotations
- #1365: Aggregated javadoc report is missing
- #1366: UselessParentheses false positive on multiple equality operators
- #1369: ConsecutiveLiteralAppends not detected properly on StringBuffer
- #1372: False Negative for CloseResource rule.
- #1375: CloseResource not detected properly
- #1376: CompareObjectsWithEquals fails for type annotated method parameter
- #1379: PMD CLI: Cannot specify multiple properties
- #1381: CPD Cannot use CSV/VS Renderers because they don’t support encoding property
22-May-2015 - 5.3.2
Bugfixes:
- #1330: AvoidReassigningParameters does not work with varargs
- #1335: GuardLogStatementJavaUtil should not apply to SLF4J Logger
- #1342: UseConcurrentHashMap false positive (with documentation example)
- #1343: MethodNamingConventions for overrided methods
- #1345: UseCollectionIsEmpty throws NullPointerException
- #1353: False positive “Only One Return” with lambda
- #1354: Complex FieldDeclarationsShouldBeAtStartOfClass false positive with Spring annotations
- #1355: NullPointerException in a java file having a single comment line
20-April-2015 - 5.3.1
New/Modified/Deprecated Rules:
- Language Java, ruleset design.xml: The rule “UseSingleton” has been renamed to “UseUtilityClass”. See also bugs #1059 and #1339.
Pull Requests:
- #53: Fix some NullPointerExceptions
Bugfixes:
- #1332: False Positive: UnusedPrivateMethod
- #1333: Error while processing Java file with Lambda expressions
- #1337: False positive “Avoid throwing raw exception types” when exception is not thrown
- #1338: The pmd-java8 POM bears the wrong parent module version
April 1, 2015 - 5.3.0
New Supported Languages:
- Matlab (CPD)
- Objective-C (CPD)
- Python (CPD)
- Scala (CPD)
Feature Requests and Improvements:
- XML: Line numbers for XML documents are more accurate. This is a further improvement of #1054.
- CPD: New output format ‘csv_with_linecount_per_file’
- #1320: Enhance SimplifyBooleanReturns checks
- PMD exits with status
4
if any violations have been found. This behavior has been introduced to ease PMD integration into scripts or hooks, such as SVN hooks.
New/Modified/Deprecated Rules:
The following rules have been enhanced :
- Language Java, ruleset design.xml: The rule “SimplifyBooleanReturns” now also marks methods where the else case is omitted and just a return. See also feature #1320.
The following rules are marked as deprecated and will be removed with the next release of PMD.
-
Language Java, ruleset basic.xml: The following rules have been moved into the
empty.xml
ruleset. You’ll need to enable the “empty” ruleset explicitly from now on, if you want to have these rules executed:EmptyCatchBlock, EmptyIfStatement, EmptyWhileStmt, EmptyTryBlock, EmptyFinallyBlock, EmptySwitchStatements, EmptySynchronizedBlock, EmptyStatementNotInLoop, EmptyInitializer, EmptyStatementBlock, EmptyStaticInitializer.
-
Language Java, ruleset basic.xml: The following rules have been moved into the
unnecessary.xml
ruleset. You’ll need to enable the “unnecessary” ruleset explicitly from now on, if you want to have these rules executed:UnnecessaryConversionTemporary, UnnecessaryReturn, UnnecessaryFinalModifier, UselessOverridingMethod, UselessOperationOnImmutable, UnusedNullCheckInEquals, UselessParentheses.
-
Language Java, ruleset design.xml: The rule “UncommentedEmptyMethod” has been renamed to “UncommentedEmptyMethodBody”. See also bug #1283.
-
Language Java, ruleset controversial.xml: The rule “BooleanInversion” is deprecated and will be removed with the next release. See #1277 for more details.
Pull Requests:
- #11: Added support for Python to CPD.
- #12: Added support for Matlab to CPD.
- #13: Added support for Objective-C to CPD.
- #14: Added support for Scala to CPD.
- #15: (pmd-cs) Fixed incorrect line numbers after mutiline comments and verbatim strings.
- #16: Fixed several C++ lexical / tokenize errors.
- #17: Fixed ‘–files’ command line option of CPD, so it also works for files and not only for directories.
- #18: Created extra CSV output format
csv_with_linecount_per_file
which outputs the correct line count per file. - #19: Fixed exit status of PMD when error occurs
- #48: Handle NoClassDefFoundError along ClassNotFoundException
- #49: Fix some false positives in UnusedPrivateField
- #50: Add missing assertions in JUnitAssertionsShouldIncludeMessage test
- #51: [JUnit] Check assertion message present in assertEquals with delta
- #52: Improves JDK8 support for default methods and static methods in interfaces
Bugfixes:
- #914: False +ve from UnusedImports with wildcard static imports
- #1197: JUnit4TestShouldUseTestAnnotation for private method
- #1277: Delete BooleanInversion as it makes no sense
- #1283: Rename UncommentedEmptyMethod to UncommentedEmptyMethodBody
- #1296: PMD UnusedPrivateMethod invalid detection of ‘private void method(int,boolean,Integer…)’
- #1298: Member variable int type with value 0xff000000 causes processing error
- #1299: MethodReturnsInternalArray false positive
- #1302: False Positive: UnusedPrivateField when accessed by inner class
- #1303: OverrideBothEqualsAndHashcodeRule does not work on class implements resolvable interfaces
- #1304: UseCollectionIsEmpty false positive comparing to 1
- #1305: variable declaration inside switch causes ClassCastException
- #1306: False positive on duplicate when using static imports
- #1307: False positive: SingularField and lambda-expression
- #1308: PMD runs endlessly on some generated files
- #1312: Rule reference must not override rule name of referenced rule
- #1313: Missing assertion message in assertEquals with delta not detected
- #1316: Multi Rule Properties with delimiter not possible
- #1317: RuntimeException when parsing class with multiple lambdas
- #1319: PMD stops with NoClassDefFoundError (typeresolution)
- #1321: CPD format XML fails with NullPointer
- #1322: MethodReturnsInternalArray on private methods
- #1323: False positive case of UseAssertTrueInsteadOfAssertEquals
- #1324: MethodReturnsInternalArray false positive with clone()
- #1325: Inner class declared within a method fails to parse (ClassCastException)
- #1326: PMD 5.3.0-SNAPSHOT doesn’t compile under Windows
API Changes:
-
net.sourceforge.pmd.cpd.Match.iterator()
now returns an iterator of the new typenet.sourceforge.pmd.cpd.Mark
instead of TokenEntry. AMark
contains all the informations about each single duplication, including the TokenEntry viaMark.getToken()
. This Mark is useful for reporting the correct line count for each duplication. Previously only one line count was available. As for some languages CPD can be instructed to ignore comments, the line count could be different in the different files for the same duplication. -
pmd-test: The utility class
StreamUtil
is deprecated. Just use Apache Commons IO Utils instead.
December 21, 2014 - 5.2.3:
Feature Requests and Improvements:
- #1288: MethodNamingConventions for native should be deactivated
- #1293: Disable VariableNamingConventions for native methods
Modified Rules:
- Java / Design / UseVarargs: if
byte[]
is used as the last argument, it is ignored and no violation will be reported. - Java / Naming / MethodNamingConventions: New property
checkNativeMethods
- Java / Naming / VariableNamingConventions: New property
checkNativeMethodParameters
Pull requests:
- #45: #1290 RuleSetReferenceId does not process HTTP(S) correctly.
- #46: Allow byte[] as no-vargars last argument
- #47: Allow byte[] data and byte data[] as no-varargs last argument
Bugfixes:
- #1252: net.sourceforge.pmd.lang.ast.TokenMgrError: Lexical error in file xxx.cpp
- #1289: CommentRequired not ignored if javadoc {@inheritDoc} anon inner classes
- #1290: RuleSetReferenceId does not process HTTP(S) correctly.
- #1294: False positive UnusedPrivateMethod with public inner enum from another class
December 3, 2014 - 5.2.2:
New Parameters for CPD:
For the language cpp, the following new parameters are supported:
--no-skip-blocks
: Disables skipping of code blocks like a pre-processor. This is by default enabled.--skip-blocks-pattern
: Pattern to find the blocks to skip. Start and End pattern separated by “|
”. Default value is “#if 0|#endif
”.
Bugfixes:
- #1090: cpp parser exception with inline asm
- #1128: CompareObjectsWithEquals False Positive comparing boolean (primitive) values
- #1254: CPD run that worked in 5.1.2 fails in 5.1.3 with OOM
- #1276: False positive in UnusedPrivateMethod with inner enum
- #1280: False Positive in UnusedImports when import used in javadoc
- #1281: UnusedPrivateMethod incorrectly flagged for methods nested private classes
- #1282: False Positive with implicit String.valuesOf() (Java)
- #1285: Prevent to modify the System environment
- #1286: UnusedPrivateMethod returns false positives for varags and enums
November 3, 2014 - 5.2.1:
Bugfixes:
- #550: False +: MissingBreakInSwitch
- #1252: net.sourceforge.pmd.lang.ast.TokenMgrError: Lexical error in file xxx.cpp
- #1253: Document default behaviour when CPD command line arguments “encoding” and “ignoreAnnotations” are not specified
- #1255: UseUtilityClass false positive with Exceptions
- #1256: PositionLiteralsFirstInComparisons false positive with Characters
- #1258: Java 8 Lambda parse error on direct field access
- #1259: CloseResource rule ignores conditionnals within finally blocks
- #1261: False positive “Avoid unused private methods” with Generics
- #1262: False positive for MissingBreakInSwitch
- #1263: PMD reports CheckResultSet violation in completely unrelated source files.
- #1272: varargs in methods are causing IndexOutOfBoundException when trying to process files
- #1273: CheckResultSet false positive in try-with-resources nested in if
- #1274: ant integration broken with pmd-5.2.0
- #1275: False positive: UnusedModifier rule for static inner class in enum
October 17, 2014 - 5.2.0:
Modularization of the source code:
The source code of pmd was undergoing a major restructuring. Each language is separated out into its own module. This reduces the size of the artifacts significantly, if only one language is needed. It also makes it easier, to add new languages as extensions.
Therefore, the maven coordinates needed to change. In order to just use pmd with java support, you’ll need the following two dependencies:
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-core</artifactId>
<version>5.2.0</version>
</dependency>
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-java</artifactId>
<version>5.2.0</version>
</dependency>
The binary package still contains all languages and can be used as usual. Have a look at the central repository for available modules.
New Languages
- CPD supports now Go.
Pull requests:
New/Modified Rules:
- JSP - Basic ruleset:
- NoUnsanitizedJSPExpression: Using unsanitized JSP expression can lead to Cross Site Scripting (XSS) attacks
August 31, 2014 - 5.1.3:
Bugfixes:
- #1156: False failure with “Avoid unused private methods”
- #1187: double variable with AvoidDecimalLiteralsInBigDecimalConstructor
- #1228: UnusedPrivateMethod returns false positives
- #1230: UseCollectionIsEmpty gets false positives
- #1231: No Error Message on Missing Rule
- #1233: UnusedPrivateMethod: False positive : method called on returned object.
- #1234: Unused private methods still giving false positives in 5.1.3 snapshot
- #1235: scope dependencies in POM file
- #1239: StackOverflowError in AbstractTokenizer.parseString running CPD on >1MB JS file
- #1241: False+ AvoidProtectedMethodInFinalClassNotExtending
- #1243: Useless Parentheses False Positive
- #1245: False Positive for Law of Demeter
- #1246: False positive from MissingBreakInSwitch
- #1247: Not able to recognize JDK 8 Static Method References
- #1249: Regression: UnusedPrivateMethod from 5.0.5 to 5.1.2
- #1250: Method attribute missing for some violations
- #1251: UnusedPrivateMethod false positives for boxing & unboxing arguments
Feature Requests and Improvements:
- #1232: Make ShortClassName configurable
- #1244: FieldDeclarationsShouldBeAtStartOfClass and anonymous classes
New/Modified Rules:
- FieldDeclarationsShouldBeAtStartOfClass (ruleset java-design) has a new property called
ignoreAnonymousClassDeclarations
: Ignore Field Declarations, that are initialized with anonymous class declarations. This property is enabled by default. See feature #1244. - ShortClassName (ruleset java-naming) has a new property called
minimum
: Number of characters that are required as a minimum for a class name. By default, 5 characters are required - if the class name is shorter, a violation will be reported. See feature #1232.
July 20, 2014 - 5.1.2:
Bugfixes:
- Fixed bug #1181: unused import false positive if used as parameter in javadoc only.
- Fixed bug #1192: Ecmascript fails to parse this operator “ ^= “
- Fixed bug #1198: ConfusingTernary does not ignore else if blocks even when property is set
- Fixed bug #1200: setRuleSets method javadoc mistype commands instead commas
- Fixed bug #1201: Error “Can’t find resource null” when ruleset contains spaces after comma
- Fixed bug #1202: StackOverflowError in RuleSetReferenceId
- Fixed bug #1205: Parse error on lambda with if
- Fixed bug #1206: SummaryHTMLRenderer always shows suppressed warnings/violations
- Fixed bug #1208: yahtml’s outputDir property does not work
- Fixed bug #1209: XPath 2.0 following-sibling incorrectly includes context node
- Fixed bug #1211: PMD is failing with NPE for rule UseIndexOfChar while analyzing Jdk 8 Lambda expression
- Fixed bug #1214: UseCollectionIsEmpty misses some usage
- Fixed bug #1215: AvoidInstantiatingObjectsInLoops matches the right side of a list iteration loop
- Fixed bug #1216: AtLeastOneConstructor ignores classes with any methods
- Fixed bug #1218: TooFewBranchesForASwitchStatement misprioritized
- Fixed bug #1219: PrimarySuffix/@Image does not work in some cases in xpath 2.0
- Fixed bug #1223: UnusedPrivateMethod: Java 8 method reference causing false positives
- Fixed bug #1224: GuardDebugLogging broken in 5.1.1 - missing additive statement check in log statement
- Fixed bug #1226: False Positive: UnusedPrivateMethod overloading with varargs
- Fixed bug #1227: GuardLogStatementJavaUtil doesn’t catch log(Level.FINE, “msg” + “ msg”) calls
Feature Requests and Improvements:
Pull requests:
- #41: Update to use asm 5.0.2
- #42: Add SLF4j Logger type to MoreThanOneLogger rule
- #43: Standard and modified cyclomatic complexity
New Rules:
- Java - codesize ruleset:
- StdCyclomaticComplexity: Like CyclomaticComplexityRule, but not including boolean operators
- ModifiedCyclomaticComplexity: Like StdCyclomaticComplexity, but switch statement plus all cases count as 1
- Thanks to Alan Hohn
April 27, 2014 - 5.1.1:
Bugfixes:
- Fixed bug 1165: SimplifyConditional false positive
- Fixed bug 1166: PLSQL XPath Rules Fail for XPath 1.0
- Fixed bug 1167: Error while processing PLSQL file with BOM
- Fixed bug 1168: Designer errors when trying to copy xml to clipboard
- Fixed bug 1170: false positive with switch in loop
- Fixed bug 1171: Specifying minimum priority from command line gives NPE
- Fixed bug 1173: Java 8 support: method references
- Fixed bug 1175: false positive for StringBuilder.append called 2 consecutive times
- Fixed bug 1176: ShortVariable false positive with for-each loops
- Fixed bug 1177: Incorrect StringBuffer warning when that class is not used
- Fixed bug 1178: LexicalError while parsing Java code aborts CPD run
- Fixed bug 1180: False Positive for ConsecutiveAppendsShouldReuse on different variable names
- Fixed bug 1185: UnusedModifier throws NPE when parsing enum with a nested static interface
- Fixed bug 1188: False positive in UnusedPrivateField
- Fixed bug 1191: Ecmascript fails to parse “void(0)”
- Document that PMD requires Java 1.6, see discussion.
CPD Changes:
- Command Line
- Added option “–skip-lexical-errors” to skip files, which can’t be tokenized due to invalid characters instead of aborting CPD. See also bug 1178.
- Ant
- New optional parameter “skipDuplicateFiles”: Ignore multiple copies of files of the same name and length in comparison; defaults to “false”. This was already a command line option, but now also available in in CPD’s ant task.
- New optional parameter “skipLexicalErros”: Skip files which can’t be tokenized due to invalid characters instead of aborting CPD; defaults to “false”.
February 11, 2014 - 5.1.0:
New/Updated Languages:
- Java 1.8 support added.
- PLSQL support added; thanks to Stuart Turton. See also http://pldoc.sourceforge.net/
- Apache Velocity support added; thanks to Andrey Utis. See also http://velocity.apache.org
New/Updated Rulesets and Rules:
- EcmaScript
- Controversial ruleset, featuring AvoidWithStatement
- UseBaseWithParseInt
- Java
- GuardLogStatement
- replace xpath implementation of GuardDebugLogging by GuardLogStatement (better perf)
- CommentRequired
- basic rule to check for existence for formal (javadoc) comments.
- AvoidProtectedMethodInFinalClassNotExtending
- rule to avoid protected methods in final classes that don’t extend anything other than Object.
- ConsecutiveAppendsShouldReuse
- rule to encourage to reuse StringBuilder.append returned object for consecutive calls.
- PositionLiteralsFirstInCaseInsensitiveComparisons
- rule similar to PositionLiteralsFirstInComparisons, but for case insensitive comparisons (equalsIgnoreCase). Thanks to Larry Diamond
- ConfusingTernary
- new property “ignoreElseIf” to suppress this rule in case of if-else-if-else usage. See feature 1161: Confusing Ternary should skip else if statements (or have a property to do so)
- FieldDeclarationsShouldBeAtStartOfClass
- new property “ignoreEnumDeclarations” which is enabled by default. This relaxes the rule, so that enums can be declared before fields and the rule is not triggered.
- GuardLogStatement
Bugfixes:
http://sourceforge.net/p/pmd/bugs/milestone/PMD-5.1.0/
- Fixed bug 881: private final without setter is flagged
- Fixed bug 1059: Change rule name “Use Singleton” should be “Use Utility class”
- Fixed bug 1106: PMD 5.0.4 fails with NPE on parsing java enum with inner class instance creation
- Fixed bug 1045: //NOPMD not working (or not implemented) with ECMAscript
- Fixed bug 1054: XML Rules ever report a line -1 and not the line/column where the error occurs
- Fixed bug 1115: commentRequiredRule in pmd 5.1 is not working properly
- Fixed bug 1120: equalsnull false positive
- Fixed bug 1121: NullPointerException when invoking XPathCLI
- Fixed bug 1123: failure in help examples
- Fixed bug 1124: PMD.run() multithreading issue
- Fixed bug 1125: Missing Static Method In Non Instantiatable Class
- Fixed bug 1126: False positive with FieldDeclarationsShouldBeAtStartOfClass for static enums
- Fixed bug 1130: CloseResource doesn’t recognize custom close method
- Fixed bug 1131: CloseResource should complain if code between declaration of resource and try
- Fixed bug 1134: UseStringBufferLength: false positives
- Fixed bug 1135: CheckResultSet ignores results set declared outside of try/catch
- Fixed bug 1136: ECMAScript: NullPointerException in getLeft() and getRight()
- Fixed bug 1140: public EcmascriptNode getBody(int index)
- Fixed bug 1141: ECMAScript: getFinallyBlock() is buggy.
- Fixed bug 1142: ECMAScript: getCatchClause() is buggy.
- Fixed bug 1144: CPD encoding argument has no effect
- Fixed bug 1146: UseArrayListInsteadOfVector false positive when using own Vector class
- Fixed bug 1147: EmptyMethodInAbstractClassShouldBeAbstract false positives
- Fixed bug 1150: “EmptyExpression” for valid statements!
- Fixed bug 1154: Call super onPause when there is no super
- Fixed bug 1155: maven pmd plugin does not like empty rule sets
- Fixed bug 1159: false positive UnusedFormalParameter readObject(ObjectInputStream) if not used
- Fixed bug 1164: Violations are not suppressed with @java.lang.SuppressWarnings(“all”)
CPD Changes:
- Command Line
- Added non-recursive option “–non-recursive” to not scan sub-directories
- Added option “–exclude” to exclude specific files from being scanned (thanks to Delmas for patch #272)
- CPD is now thread-safe, so that multiple instances of CPD can run concurrently without stepping on each other (eg: multi-module Maven projects.). Thanks to David Golpira.
Miscellaneous:
- Upgrade to javacc 5.0 (see patch #1109 Patch to build with Javacc 5.0)
- DBURI as DataSource possible - directly scan plsql code stored within the database
API Changes
- Deprecated APIs:
- net.sourceforge.pmd.lang.ecmascript.ast.ASTFunctionNode: getBody(int index) deprecated, use getBody() instead
- net.sourceforge.pmd.lang.ecmascript.ast.ASTTryStatement: isCatch() and isFinally() deprecated, use hasCatch() and hasBody() instead
- Generalize Symbol Table treatement
- Added net.sourceforge.pmd.lang.symboltable.ScopedNode
- Added net.sourceforge.pmd.lang.symboltable.Scope
- Added net.sourceforge.pmd.lang.symboltable.NameDeclaration
- Added net.sourceforge.pmd.lang.symboltable.NameOccurrence
- Added net.sourceforge.pmd.lang.symboltable.AbstractScope
- Added net.sourceforge.pmd.lang.symboltable.AbstractNameDeclaration
August 11, 2013 - 5.0.5:
Fixed bug 991: AvoidSynchronizedAtMethodLevel for static methods
Fixed bug 1084: NPE at UselessStringValueOfRule.java:36
Fixed bug 1091: file extension for fortran seems to be wrong in cpdgui tools
Fixed bug 1092: Wrong Attribute "excludemarker" in Ant Task Documentation
Fixed bug 1095: AvoidFinalLocalVariable false positive
Fixed bug 1099: UseArraysAsList false positives
Fixed bug 1102: False positive: shift operator parenthesis
Fixed bug 1104: IdempotentOperation false positive
Fixed bug 1107: PMD 5.0.4 couldn't parse call of parent outer java class method from inner class
Fixed bug 1069: Eclipse plugin does not accept project-local config
Fixed bug 1111: False positive: Useless parentheses
Fixed bug 1114: CPD - Tokenizer not initialized with requested properties
Fixed bug 1118: ClassCastException in pmd.lang.ecmascript.ast.ASTElementGet
May 1, 2013 - 5.0.4:
Fixed bug 254: False+ : UnusedImport with Javadoc @throws
Fixed bug 794: False positive on PreserveStackTrace with anonymous inner
Fixed bug 1063: False+: ArrayIsStoredDirectly
Fixed bug 1080: net.sourceforge.pmd.cpd.CPDTest test failing
Fixed bug 1081: Regression: CPD skipping all files when using relative paths
Fixed bug 1082: CPD performance issue on larger projects
Fixed bug 1085: NullPointerException by at net.sourceforge.pmd.lang.java.rule.design.GodClassRule.visit(GodClassRule.java:313)
Fixed bug 1086: Unsupported Element and Attribute in Ant Task Example
Fixed bug 1087: PreserveStackTrace (still) ignores initCause()
Fixed bug 1089: When changing priority in a custom ruleset, violations reported twice
April 5, 2013 - 5.0.3:
Fixed bug 938: False positive on LooseCoupling for overriding methods
Fixed bug 940: False positive on UnsynchronizedStaticDateFormatter
Fixed bug 942: CheckResultSet False Positive and Negative
Fixed bug 943: PreserveStackTrace false positive if a StringBuffer exists
Fixed bug 945: PMD generates RuleSets it cannot read.
Fixed bug 958: Intermittent NullPointerException while loading XPath node attributes
Fixed bug 968: Issues with JUnit4 @Test annotation with expected exception (Thanks to Yiannis Paschalidis)
Fixed bug 975: false positive in ClassCastExceptionWithToArray
Fixed bug 976: UselessStringValueOf wrong when appending character arrays
Fixed bug 977: MisplacedNullCheck makes false positives
Fixed bug 984: Cyclomatic complexity should treat constructors like methods
Fixed bug 985: Suppressed methods shouldn't affect avg CyclomaticComplexity
Fixed bug 992: Class java.beans.Statement triggered in CloseResource rule
Fixed bug 997: Rule NonThreadSafeSingleton gives analysis problem
Fixed bug 999: Law of Demeter: False positives and negatives
Fixed bug 1002: False +: FinalFieldCouldBeStatic on inner class
Fixed bug 1005: False + for ConstructorCallsOverridableMethod - overloaded methods
Fixed bug 1027: PMD Ant: java.lang.ClassCastException
Fixed bug 1032: ImmutableField Rule: Private field in inner class gives false positive
Fixed bug 1064: Exception running PrematureDeclaration
Fixed bug 1068: CPD fails on broken symbolic links
Fixed bug 1073: Hard coded violation messages CommentSize
Fixed bug 1074: rule priority doesn't work on group definitions
Fixed bug 1076: Report.treeIterator() does not return all violations
Fixed bug 1077: Missing JavaDocs for Xref-Test Files
Fixed bug 1078: Package statement introduces false positive UnnecessaryFullyQualifiedName violation
Merged pull request #14: fix Nullpointer Exception when using -l jsp
February 3, 2013 - 5.0.2:
Fixed bug 878: False positive: UnusedFormalParameter for abstract methods
Fixed bug 913: SignatureDeclareThrowsException is raised twice
Fixed bug 947: CloseResource rule fails if field is marked with annotation
Fixed bug 1004: targetjdk isn't attribute of PMD task
Fixed bug 1007: Parse Exception with annotation
Fixed bug 1011: CloseResource Rule ignores Constructors
Fixed bug 1012: False positive: Useless parentheses.
Fixed bug 1020: Parsing Error
Fixed bug 1026: PMD doesn't handle 'value =' in SuppressWarnings annotation
Fixed bug 1028: False-positive: Compare objects with equals for Enums
Fixed bug 1030: CPD Java.lang.IndexOutOfBoundsException: Index:
Fixed bug 1037: Facing a showstopper issue in PMD Report Class (report listeners)
Fixed bug 1039: pmd-nicerhtml.xsl is packaged in wrong location
Fixed bug 1043: node.getEndLine() always returns 0 (ECMAscript)
Fixed bug 1044: Unknown option: -excludemarker
Fixed bug 1046: ant task CPDTask doesn't accept ecmascript
Fixed bug 1047: False Positive in 'for' loops for LocalVariableCouldBeFinal in 5.0.1
Fixed bug 1048: CommentContent Rule, String Index out of range Exception
Fixed bug 1049: Errors in "How to write a rule"
Fixed bug 1055: Please add a colon in the ant output after line,column for Oracle JDeveloper IDE usage
Fixed bug 1056: "Error while processing" while running on xml file with DOCTYPE reference
Fixed bug 1060: GodClassRule >>> wrong method
November 28, 2012 - 5.0.1:
Fixed bug 820: False+ AvoidReassigningParameters
Fixed bug 1008: pmd-5.0.0: ImmutableField false positive on self-inc/dec
Fixed bug 1009: pmd-5.0.0: False + UselessParentheses
Fixed bug 1003: newline characters stripped from CPD data in PMD 5.0.0
Fixed bug 1001: InsufficientStringBufferDeclaration fails to parse hex
Fixed bug 522: InefficientStringBuffering bug false +
Fixed bug 953: String.InefficientStringBuffering false +
Fixed bug 981: Unable to parse
Fixed bug 1010: pmd: parsing of generic method call with super fails
Fixed bug 996: pmd-4.2.6: MissingBreakInSwitch fails to report violation
Fixed bug 993: Invalid NPath calculation in return statement. Thanks to Prabhjot Singh for the patch.
Fixed bug 1023: c/c++ \ as a continuation character not supported
Fixed bug 1033: False+ : SingularField
Fixed bug 1025: Regression of Crash in PMDTask due to multithreading (Eclipse and Java 1.5)
Fixed bug 1017: Type resolution very slow for big project. Thanks to Roman for the patch.
Fixed bug 1036: Documentation: default threshold values removed from v5.0
Fixed bug 1035: UseObjectForClearerAPI has misspelled message
Fixed bug 1031: false DontImportJavaLang
Fixed bug 1034: UseConcurrentHashMap flags calls to methods that return Map
Fixed bug 1006: Problem with implementation of getPackageNameImage method
Fixed bug 1014: AvoidLiteralsInIfCondition must NOT consider null
Fixed bug 1013: jnlp link for CPD is wrong
PMD Command Line Changes:
Improved command line interface (CLI) parsing using JCommander.
Note: this breaks compatibility, but should be easy to fix.
With "-d" you specify nowtThe source files / source directory to be scanned.
With "-f" you select the report format (like text, html, ...)
With "-R" you select the rulesets to be used.
Example: pmd -d c:\data\pmd\pmd\test-data\Unused1.java -f xml -R rulesets/java/unusedcode.xml
Improved JSP parser to be less strict with not valid XML documents (like HTML). Thanks to Victor Bucutea.
Fixed bgastviewer not working. Thanks to Victor Bucutea.
Improved CPD: Support in CPD for IgnoreAnnotations and SuppressWarnings("CPD-START"). Thanks to Matthew Short.
Fixed C# support for CPD - thanks to TIOBE Software.
New Ecmascript rules:
Basic ruleset: AvoidTrailingComma
May, 1, 2012 - 5.0.0:
Fixed bug 3515487: Inconsistent reference to ruleset file in documentation
Fixed bug 3470274: Using Label for lines in XMLRenderer
Fixed bug 3175710: NPE in InsufficientStringBufferDeclaration
CPD:
- Exit with status code 4 when CPD detects code duplication (Patch ID: 3497021)
January 31, 2012 - 5.0-alpha:
This version of PMD breaks API compatibility with prior versions of PMD, as well
as RuleSet XML compatibility. Also the maven coordinates (groupId) have been changed.
The decision to break compatibility, allows PMD
internals and code organization to be improved to better handle additional
languages. This opportunity was used to remove depreciated APIs, and beat up
any code which has thumbed its nose at the developers over the years. ;)
The following is relatively complete list of the major changes (this may not be
100% accurate, see actual source code when in doubt):
Fixed bug (no number) - Fixed UseStringBufferLengthRule only worked once per class
All StringBuffer-related rules now also catch StringBuilder-related issues in the same way
API Change - Unification of treatment of languages within PMD core:
Added - net.sourceforge.pmd.lang.Language (now an 'enum')
Added - net.sourceforge.pmd.lang.LanguageVersion
Added - net.sourceforge.pmd.lang.LanguageVersionDiscoverer
Added - net.sourceforge.pmd.lang.LanguageVersionHandler
Added - net.sourceforge.pmd.lang.rule.xpath.XPathHandler
Added - net.sourceforge.pmd.lang.ast.xpath.AbstractASTXPathHandler
Added - net.sourceforge.pmd.lang.xpath.Initializer
Added - net.sourceforge.pmd.lang.ast.AbstractTokenManager
Added - net.sourceforge.pmd.lang.ast.CharStream
Added - net.sourceforge.pmd.lang.ast.JavaCharStream
Added - net.sourceforge.pmd.lang.ast.SimpleCharStream
Added - net.sourceforge.pmd.lang.ast.TokenMgrError
Added - net.sourceforge.pmd.lang.rule.stat.StatisticalRule
Added - net.sourceforge.pmd.lang.rule.stat.StatisticalRuleHelper
Added - net.sourceforge.pmd.lang.java.rule.AbstractStatisticalJavaRule
Added - net.sourceforge.pmd.lang.rule.AbstractRuleViolationFactory
Added - net.sourceforge.pmd.lang.rule.RuleViolationFactory
Added - net.sourceforge.pmd.lang.java.rule.JavaRuleViolationFactory
Added - net.sourceforge.pmd.lang.jsp.rule.JspRuleViolationFactory
Renamed - net.sourceforge.pmd.AbstractRule to net.sourceforge.pmd.lang.rule.AbstractRule
Renamed - net.sourceforge.pmd.AbstractJavaRule to net.sourceforge.pmd.lang.java.rule.AbstractJavaRule
Renamed - net.sourceforge.pmd.AbstractRuleChainVisitor to net.sourceforge.pmd.lang.rule.AbstractRuleChainVisitor
Renamed - net.sourceforge.pmd.RuleChainVisitor to net.sourceforge.pmd.lang.rule.RuleChainVisitor
Renamed - net.sourceforge.pmd.SourceFileSelector to net.sourceforge.pmd.lang.rule.LanguageFilenameFilter
Renamed - net.sourceforge.pmd.rule.XPathRule to net.sourceforge.pmd.lang.rule.XPathRule
Renamed - net.sourceforge.pmd.jsp.rule.AbstractJspRule to net.sourceforge.pmd.lang.jsp.rule.AbstractJspRule
Renamed - net.sourceforge.pmd.ast.CompilationUnit to net.sourceforge.pmd.lang.ast.RootNode
Renamed - net.sourceforge.pmd.ast.JavaRuleChainVisitor to net.sourceforge.pmd.lang.java.rule.JavaRuleChainVisitor
Renamed - net.sourceforge.pmd.jsp.ast.JspRuleChainVisitor to net.sourceforge.pmd.lang.jsp.rule.JspRuleChainVisitor
Renamed - net.sourceforge.pmd.parser.Parser to net.sourceforge.pmd.lang.Parser
Renamed - net.sourceforge.pmd.parser.TokenManager to net.sourceforge.pmd.lang.TokenManager
Renamed - net.sourceforge.pmd.parser.* into net.sourceforge.pmd.lang.{Language}
Renamed - net.sourceforge.pmd.sourcetypehandlers.SourceTypeHandler to net.sourceforge.pmd.lang.LanguageVersionHandler
Renamed - net.sourceforge.pmd.sourcetypehandlers.VisitorStarter to net.sourceforge.pmd.lang.VisitorStarter
Renamed - net.sourceforge.pmd.sourcetypehandlers.* into net.sourceforge.pmd.lang.{Language}
Renamed - net.sourceforge.pmd.stat.StatisticalRule to net.sourceforge.pmd.lang.rule.StatisticalRuleHelper
Renamed - net.sourceforge.pmd.jaxen.TypeOfFunction to net.sourceforge.pmd.lang.java.xpath.TypeOfFunction
Renamed - net.sourceforge.pmd.jaxen.MatchesFunction to net.sourceforge.pmd.lang.xpath.MatchesFunction
Renamed - net.sourceforge.pmd.jaxen.Attribute to net.sourceforge.pmd.lang.rule.xpath.Attribute
Renamed - net.sourceforge.pmd.jaxen.AttributeAxisIterator to net.sourceforge.pmd.lang.ast.xpath.AttributeAxisIterator
Renamed - net.sourceforge.pmd.jaxen.DocumentNavigator to net.sourceforge.pmd.lang.ast.xpath.DocumentNavigator
Renamed - net.sourceforge.pmd.jaxen.NodeIterator to net.sourceforge.pmd.lang.ast.xpath.NodeIterator
Renamed - net.sourceforge.pmd.ast.* into net.sourceforge.pmd.lang.java.ast.*
Renamed - net.sourceforge.pmd.rules.* into net.sourceforge.pmd.lang.java.rule.* and updated to follow conventions
Renamed - net.sourceforge.pmd.jsp.ast.* into net.sourceforge.pmd.lang.jsp.ast.*
Renamed - net.sourceforge.pmd.jsp.rules.* into net.sourceforge.pmd.lang.jsp.ast.rule.* and updated to follow conventions
Deleted - net.sourceforge.pmd.cpd.cppast.* into net.sourceforge.pmd.lang.cpp.ast.*
Deleted - net.sourceforge.pmd.CommonAbstractRule
Deleted - net.sourceforge.pmd.SourceFileConstants
Deleted - net.sourceforge.pmd.SourceType
Deleted - net.sourceforge.pmd.SourceTypeDiscoverer
Deleted - net.sourceforge.pmd.SourceTypeToRuleLanguageMapper
Deleted - net.sourceforge.pmd.TargetJDK1_3
Deleted - net.sourceforge.pmd.TargetJDK1_4
Deleted - net.sourceforge.pmd.TargetJDK1_5
Deleted - net.sourceforge.pmd.TargetJDK1_6
Deleted - net.sourceforge.pmd.TargetJDK1_7
Deleted - net.sourceforge.pmd.TargetJDKVersion
Deleted - net.sourceforge.pmd.cpd.SourceFileOrDirectoryFilter
Deleted - net.sourceforge.pmd.sourcetypehandlers.SourceTypeHandlerBroker
Deleted - net.sourceforge.pmd.ast.JavaCharStream
Deleted - net.sourceforge.pmd.ast.CharStream
Deleted - net.sourceforge.pmd.ast.TokenMgrError
Deleted - net.sourceforge.pmd.jsp.ast.JspCharStream
Deleted - net.sourceforge.pmd.jsp.ast.TokenMgrError
API Change - Generalize RuleViolation treatment
Renamed - net.sourceforge.pmd.IRuleViolation to net.sourceforge.pmd.RuleViolation
Renamed - net.sourceforge.pmd.RuleViolation to net.sourceforge.pmd.lang.rule.AbstractRuleViolation
Added - net.sourceforge.pmd.RuleViolationComparator
Added - net.sourceforge.pmd.lang.java.rule.JavaRuleViolation
Added - net.sourceforge.pmd.lang.jsp.rule.JspRuleViolation
API Change - Generalize DFA treatment
Renamed - net.sourceforge.pmd.dfa.IDataFlowNode to net.sourceforge.pmd.lang.dfa.DataFlowNode
Renamed - net.sourceforge.pmd.dfa.DataFlowNode to net.sourceforge.pmd.lang.dfa.AbstractDataFlowNode
Renamed - net.sourceforge.pmd.dfa.Linker to net.sourceforge.pmd.lang.dfa.Linker
Renamed - net.sourceforge.pmd.dfa.LinkerException to net.sourceforge.pmd.lang.dfa.LinkerException
Renamed - net.sourceforge.pmd.dfa.NodeType to net.sourceforge.pmd.lang.dfa.NodeType
Renamed - net.sourceforge.pmd.dfa.StackObject to net.sourceforge.pmd.lang.dfa.StackObject
Renamed - net.sourceforge.pmd.dfa.SequenceChecker to net.sourceforge.pmd.lang.dfa.SequenceChecker
Renamed - net.sourceforge.pmd.dfa.SequenceException to net.sourceforge.pmd.lang.dfa.SequenceException
Renamed - net.sourceforge.pmd.dfa.StartOrEndDataFlowNode to net.sourceforge.pmd.lang.dfa.StartOrEndDataFlowNode
Renamed - net.sourceforge.pmd.dfa.Structure to net.sourceforge.pmd.lang.dfa.Structure
Renamed - net.sourceforge.pmd.dfa.variableaccess.VariableAccess to net.sourceforge.pmd.lang.dfa.VariableAccess
Renamed - net.sourceforge.pmd.dfa.variableaccess.VariableAccessException to net.sourceforge.pmd.lang.dfa.VariableAccessException
Renamed - net.sourceforge.pmd.dfa.pathfinder.* to net.sourceforge.pmd.lang.dfa.pathfinder.*
Renamed - net.sourceforge.pmd.dfa.report.* to net.sourceforge.pmd.lang.dfa.report.*
Renamed - net.sourceforge.pmd.dfa.DaaRuleViolation to net.sourceforge.pmd.lang.java.dfa.DaaRuleViolation
Renamed - net.sourceforge.pmd.dfa.DataFlowFacade to net.sourceforge.pmd.lang.java.dfa.DataFlowFacade
Renamed - net.sourceforge.pmd.dfa.StatementAndBraceFinder to net.sourceforge.pmd.lang.java.dfa.StatementAndBraceFinder
Renamed - net.sourceforge.pmd.dfa.variableaccess.VariableAccessVisitor to net.sourceforge.pmd.lang.java.dfa.VariableAccessVisitor
Added - net.sourceforge.pmd.lang.java.dfa.JavaDataFlowNode
Added - net.sourceforge.pmd.lang.DataFlowHandler
API Change - Generalize Symbol Table treatement
Deleted - net.sourceforge.pmd.symboltable.JspSymbolFacade
Deleted - net.sourceforge.pmd.symboltable.JspScopeAndDeclarationFinder
Renamed - net.sourceforge.pmd.symboltable.* to net.sourceforge.pmd.lang.java.symboltable.*
API Change - Generalize Type Resolution treatment
Renamed - net.sourceforge.pmd.typeresolution.* to net.sourceforge.pmd.lang.java.typeresolution.*
API Change - Generalize Property Descriptor treatment
Renamed - net.sourceforge.pmd.properties.* to net.sourceforge.pmd.lang.rule.properties.*
Renamed - net.sourceforge.pmd.properties.AbstractPMDProperty to net.sourceforge.pmd.lang.rule.properties.AbstractProperty
Changed - net.sourceforge.pmd.properties.PropertyDescriptor to use Generics, and other changes
Added - net.sourceforge.pmd.lang.rule.properties.* new types and other API changes
API Change - Generalize AST treatment
Added - net.sourceforge.pmd.lang.ast.Node (interface extracted from old Node/SimpleNode)
Added - net.sourceforge.pmd.lang.ast.AbstractNode
Added - net.sourceforge.pmd.ast.DummyJavaNode
Added - net.sourceforge.pmd.jsp.ast.AbstractJspNode
Added - net.sourceforge.pmd.jsp.ast.JspNode
Renamed - net.sourceforge.pmd.ast.SimpleJavaNode to net.sourceforge.pmd.ast.AbstractJavaNode
Renamed - net.sourceforge.pmd.ast.SimpleJavaTypeNode to net.sourceforge.pmd.ast.AbstractJavaTypeNode
Renamed - net.sourceforge.pmd.ast.SimpleJavaAccessNode to net.sourceforge.pmd.ast.AbstractJavaAccessNode
Renamed - net.sourceforge.pmd.ast.SimpleJavaAccessTypeNode to net.sourceforge.pmd.ast.AbstractJavaAccessTypeNode
Deleted - net.sourceforge.pmd.ast.Node
Deleted - net.sourceforge.pmd.ast.SimpleNode
Deleted - net.sourceforge.pmd.ast.AccessNodeInterface
Deleted - net.sourceforge.pmd.jsp.ast.Node
Deleted - net.sourceforge.pmd.jsp.ast.SimpleNode
API Change - General code reorganization/cleanup
Renamed - net.sourceforge.pmd.AbstractDelegateRule to net.sourceforge.pmd.lang.rule.AbstractDelegateRule
Renamed - net.sourceforge.pmd.MockRule to net.sourceforge.pmd.lang.rule.MockRule
Renamed - net.sourceforge.pmd.RuleReference to net.sourceforge.pmd.lang.rule.RuleReference
Renamed - net.sourceforge.pmd.ScopedLogHandlersManager to net.sourceforge.pmd.util.log.ScopedLogHandlersManager
Renamed - net.sourceforge.pmd.util.AntLogHandler to net.sourceforge.pmd.util.log.AntLogHandler
Renamed - net.sourceforge.pmd.util.ConsoleLogHandler to net.sourceforge.pmd.util.log.ConsoleLogHandler
Renamed - net.sourceforge.pmd.util.PmdLogFormatter to net.sourceforge.pmd.util.log.PmdLogFormatter
API Change - Changes to Rule/RuleSet/RuleSets
Removed - boolean Rule.include()
Removed - void Rule.setInclude(boolean)
Removed - String Rule.getRulePriorityName()
Removed - String Rule.getExample()
Removed - Rule.LOWEST_PRIORITY
Removed - Rule.PRIORITIES
Removed - Properties Rule.getProperties()
Removed - Rule.addProperties(Properties)
Removed - boolean Rule.hasProperty(String)
Removed - RuleSet.applies(Language,Language)
Removed - RuleSet.getLanguage()
Removed - RuleSet.setLanguage(Language)
Removed - RuleSets.applies(Language,Language)
Changed - void Rule.setPriority(int) to void Rule.setPriority(RulePriority)
Changed - int Rule.getPriority() to void RulePriority Rule.getPriority()
Changed - XXX Rule.getXXXProperty(String) to <T> Rule.getProperty(PropertyDescriptor<T>)
Changed - XXX Rule.getXXXProperty(PropertyDescriptor) to <T> Rule.getProperty(PropertyDescriptor<T>)
Changed - Rule.addProperty(String, String) to Rule.setProperty(PropertyDescriptor<T>, T)
Changed - Rule.setProperty(PropertyDescriptor, Object) to Rule.setProperty(PropertyDescriptor<T>, T)
Changed - Rule.setProperty(PropertyDescriptor, Object[]) to Rule.setProperty(PropertyDescriptor<T>, T)
Changed - Rule.propertyValuesByDescriptor() to Rule.getPropertiesByPropertyDescriptor()
Changed - PropertyDescriptor Rule.propertyDescriptorFor(String) to PropertyDescriptor Rule.getPropertyDescriptor(String)
Changed - boolean RuleSet.usesDFA() to boolean RuleSet.usesDFA(Language)
Changed - boolean RuleSet.usesTypeResolution() to boolean RuleSet.usesTypeResolution(Language)
Added - Rule.setLanguage(Language)
Added - Language Rule.getLanguage()
Added - Rule.setMinimumLanguageVersion(LanguageVersion)
Added - LanguageVersion Rule.getMinimumLanguageVersion()
Added - Rule.setMaximumLanguageVersion(LanguageVersion)
Added - LanguageVersion Rule.getMaximumLanguageVersion()
Added - Rule.setDeprecated(boolean)
Added - boolean Rule.isDeprecated()
Added - String Rule.dysfunctionReason();
Added - Rule.definePropertyDescriptor(PropertyDescriptor)
Added - List<PropertyDescriptor> Rule.getPropertyDescriptors()
Added - RuleSet.applies(Rule,LanguageVersion)
API Change - Changes to PMD class
Renamed - PMD.EXCLUDE_MARKER to PMD.SUPPRESS_MARKER
Removed - PMD.processFile(InputStream, RuleSet, RuleContext)
Removed - PMD.processFile(InputStream, String, RuleSet, RuleContext)
Removed - PMD.processFile(Reader, RuleSet, RuleContext)
Removed - PMD.processFile(Reader, RuleSets, RuleContext, LanguageVersion)
Moved - PMD.getExcludeMarker() to Configuration.getSuppressMarker()
Moved - PMD.setExcludeMarker(String) to Configuration.getSuppressMarker(String)
Moved - PMD.getClassLoader() to Configuration.getClassLoader()
Moved - PMD.setClassLoader(ClassLoader) to Configuration.getClassLoader(ClassLoader)
Moved - PMD.setDefaultLanguageVersion(LanguageVersion) to Configuration.setDefaultLanguageVersion(LanguageVersion)
Moved - PMD.setDefaultLanguageVersions(List<LanguageVersion>) to Configuration.setDefaultLanguageVersions(List<LanguageVersion>)
Moved - PMD.createClasspathClassLoader(String) to Configuration.createClasspathClassLoader(String)
API Change - Changes to Node interface
Renamed - Node.findChildrenOfType(Class) as Node.findDescendantsOfType(Class)
Renamed - Node.getFirstChildOfType(Class) as Node.getFirstDescendantOfType(Class)
Renamed - Node.containsChildOfType(Class) as Node.hasDescendantOfType(Class)
Renamed - Node.getAsXml() as Node.getAsDocument()
Added - Node.findChildrenOfType(Class), non recursive version
Added - Node.getFirstChildOfType(Class), non recursive version
API Change - Remove deprecated APIs
Removed - AccessNode.setXXX() methods, use AccessNode.setXXX(boolean) instead.
Removed - PMDException.getReason()
Removed - RuleSetFactory.createRuleSet(String,ClassLoader), use RuleSetFactory.setClassLoader(ClassLoader) and RuleSetFactory.createRuleSets(String) instead.
Removed - net.sourceforge.pmd.cpd.FileFinder use net.sourceforge.pmd.util.FileFinder instead.
API Change - RuleSetFactory
Added - RuleSetFactory.setClassLoader(ClassLoader)
Added - RuleSetFactory.createRuleSets(List<RuleSetReferenceId>)
Added - RuleSetFactory.createRuleSet(RuleSetReferenceId)
Added - RuleSetFactory.setClassLoader(ClassLoader)
Added - RuleSetReferenceId class to handle parsing of RuleSet strings, see RuleSetReferenceId.parse(String)
Renamed - RuleSetFactory.createSingleRuleSet(String) to RuleSetFactory.createRuleSet(String);
Removed - RuleSetFactory.createRuleSets(String, ClassLoader), use RuleSetFactory.createRuleSets(String) instead.
Removed - RuleSetFactory.createSingleRuleSet(String, ClassLoader), use RuleSetFactory.createSingleRuleSet(String) instead.
Removed - RuleSetFactory.createRuleSet(InputStream, ClassLoader), use RuleSetFactory.createRuleSet(RuleSetReferenceId) instead.
Removed - ExternalRuleID, use RuleSetReferenceId instead
Removed - SimpleRuleSetNameMapper, use RuleSetReferenceId instead
API Change - Changes to Renderer class, and Renderer implementations
Added - Renderer.getName()
Added - Renderer.setName(String)
Added - Renderer.getDescription()
Added - Renderer.setDescription(String)
Added - Renderer.getPropertyDefinitions()
Added - Renderer.isShowSuppressedViolations()
Added - AbstractAccumulatingRenderer
Removed - Renderer.render(Report)
Removed - Renderer.render(Report, Writer)
Renamed - Renderer.showSuppressedViolations(boolean) to Renderer.setShowSuppressedViolations(boolean)
Renamed - PapariTextRenderer to TextColorRenderer
Renamed - OntheFlyRenderer to AbstractIncrementingRenderer
PMD command line changes:
Removed -lineprefix use -property linePrefix {value} instead
Removed -linkprefix use -property linkPrefix {value} instead
Removed -xslt use -property xsltFilename {value} instead
Removed -nojsp now obsolete
Removed -targetjdk use -version {name} {version} instead
Added -version {name} {version} to set language version to use for a given language
Added -property {name} {value} as generic way to pass properties to Renderers
Added -showsuppressed as a means to show suppressed rule violations (consistent with Ant task behavior)
Renamed 'nicehtml' report to 'xslt'
Renamed 'papari' report to 'textcolor'
Renamed -excludemarker option to -suppressmarker
Renamed -cpus option to -threads
Ant changes:
Removed - <formatter> 'linkPrefix' attribute, use <param name="linkPrefix"> instead
Removed - <formatter> 'linePrefix' attribute, use <param name="linePrefix"> instead
Changed - <formatter> is optional - if not specified, falls back to "text" and console output.
Removed - <pmd> 'targetJDK' attribute to <version>lang version</version> instead
Added - <param name="name" value="value"/> as generic way to pass properties to Renderers on <formatter>
Renamed - <pmd> 'excludeMarker' attribute to 'suppressMarker'
Renamed - <pmd> 'cpus' attribute to 'threads'
Maven changes:
The new maven coordinates are: net.sourceforge.pmd:pmd, e.g.
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd</artifactId>
<version>5.0</version>
</dependency>
New features:
New Language 'ecmascript' added, for writing XPathRule and Java Rules against ECMAScript/JavaScript documents (must be standalone, not embedded in HTML). Many thanks to Rhino!
New Language 'xml' added, for writing XPathRules against XML documents
New Language 'xsl' added, as a derivative from XML.
Rules can now define a 'violationSuppressRegex' property to universally suppress violations with messages matching the given regular expression
Rules can now define a 'violationSuppressXPath' property to universally suppress violations on nodes which match the given relative XPath expression
Rules are now directly associated with a corresponding Language, and a can also be associated with a specific Language Version range if desired.
Rules can now be flagged with deprecated='true' in the RuleSet XML to allow the PMD Project to indicate a Rule (1) is scheduled for removal, (2) has been removed, or (3) has been renamed/moved.
XPathRules can now query using XPath 2.0 with 'version=2.0"', or XPath 2.0 in XPath 1.0 compatibility mode using 'version="1.0 compatibility"'. Many thanks to Saxon!
Rules can now use property values in messages, for example ${propertyName} will expand to the value of the 'propertyName' property on the Rule.
Rules can now use violation specific values in messages, specifically ${variableName}, ${methodName}, ${className}, ${packageName}.
New XPath function 'getCommentOn' can be used to search for strings in comments - Thanks to Andy Throgmorton
CPD:
Add .hxx and .hpp as valid file extension for CPD - Thanks to Ryan Pavlik
Add options to to the CPD command line task - Thanks to Cd-Man
Add C# support for CPD - thanks to Florian Bauer
Fix small bug in Rule Designer UI
Performance enhacement when parsing Javadoc (Patch ID: 3217201), thanks to Cd-Man
Rework the XMLRenderer to use proper XML API and strictly uses the system value for encoding (Fix bug: 1435751)
Other changes:
Rule property API upgrades:
All numeric property descriptors can specify upper & lower limits
Newly functional Method & Type descriptors allow rule developers to incorporate/watch for individual methods or types
Better initialization error detection
Deprecated old string-keyed property API, will leave some methods behind for XPath rules however
'41' and '42' shortcuts for rulesets added
The default Java version processed by PMD is now uniformly Java 1.5.
RuleViolations in Reports now uses List internally, and RuleViolationComparator is no longer broken
TokenManager errors now include a file name whenever possible for every AST in PMD
Added file encoding option to CPD GUI, which already existed for the command line and Ant
AssignmentInOperand enhanced to catch assignment in 'for' condition, as well as use of increment/decrement operators. Customization properties added to allow assignment in if/while/for, or use of increment/decrement.
Fix false positive on CastExpressions for UselessParentheses
Fix false positive where StringBuffer.setLength(0) was using default constructor size of 16, instead of actual constructor size.
Fix false negative for non-primitive types for VariableNamingConventions, also expanded scope to local and method/constructors, and enhanced customization options to choose between members/locals/parameters (all checked by default)
Fix false negative for UseArraysAsList when the array was passed as method parameter - thanks to Andy Throgmorton
Improve TooManyMethods rule - thanks to a patch from Riku Nykanen
Improve DoNotCallSystemExit - thanks to a patch from Steven Christou
Correct -benchmark reporting of Rule visits via the RuleChain
Creating an Empty Code Ruleset and moved the following rules from Basic ruleset:
* Empty Code Rules
* EmptyCatchBlock
* EmptyIfStmt
* EmptyWhileStmt
* EmptyTryBlock
* EmptyFinallyBlock
* EmptySwitchStatements
* EmptySynchronizedBlock
* EmptyStatementNotInLoop
* EmptyInitializer
* EmptyStatementBlock
* EmptyStaticInitializer
Basic rulesets still includes a reference to those rules.
Creating a unnecessary Code Ruleset and moved the following rules from Basic ruleset:
* UnnecessaryConversionTemporary
* UnnecessaryReturn
* UnnecessaryFinalModifier
* UselessOverridingMethod
* UselessOperationOnImmutable
* UnusedNullCheckInEquals
* UselessParentheses
Basic rulesets still includes a reference to those rules.
Fixed bug 2920057 - Fixed False + on CloseResource
Fixed bug 1808110 - Fixed performance issues on PreserveStackTrace
Fixed bug 2832322 - cpd.xml file tag path attribute should be entity-encoded
Fixed bug 2826119 - False +: DoubleCheckedLocking warning with volatile field
Fixed bug 2835074 - False -: DoubleCheckedLocking with reversed null check
Fixed bug 1932242 - EmptyMethodInAbstractClassShouldBeAbstract false +
Fixed bug 1928009 - Error using migration ruleset in PMD 4.2
Fixed bug 1808110 - PreserveStackTrace
Fixed bug 1988829 - Violation reported without source file name (actually a fix to ConsecutiveLiteralAppends)
Fixed bug 1989814 - false +: ConsecutiveLiteralAppends
Fixed bug 1977230 - false positive: UselessOverridingMethod
Fixed bug 1998185 - BeanMembersShouldSerialize vs @SuppressWarnings("serial")
Fixed bug 2002722 - false + in UseStringBufferForStringAppends
Fixed bug 2056318 - False positive for AvoidInstantiatingObjectsInLoops
Fixed bug 1977438 - False positive for UselessStringValueOf
Fixed bug 2050064 - False + SuspiciousOctalEscape with backslash literal
Fixed bug 1556594 - Wonky detection of NullAssignment
Fixed bug 1481051 - false + UnusedNullCheckInEquals (and other false positives too)
Fixed bug 1943204 - Ant task: <ruleset> path should be relative to Ant basedir
Fixed patch 2075906 - Add toString() to the rule UnnecessaryWrapperObjectCreation
Fixed bug 2315623 - @SuppressWarnings("PMD.UseSingleton") has no effect
Fixed bug 2230809 - False +: ClassWithOnlyPrivateConstructorsShouldBeFinal
Fixed bug 2338341 - ArrayIndexOutOfBoundsException in CPD (on Ruby)
Fixed bug 2315599 - False +: UseSingleton with class containing constructor
Fixed bug 1955852 - false positives for UnusedPrivateMethod & UnusedLocalVariable
Fixed bug 2404700 - UseSingleton should not act on enums
Fixed bug - JUnitTestsShouldIncludeAssert now detects Junit 4 Assert.assert... constructs
Fixed bug 1609038 - Xslt report generators break if path contains "java"
Fixed bug 2142986 - UselessOverridingMethod doesn't consider annotations
Fixed bug 2027626 - False + : AvoidFinalLocalVariable
Fixed bug 2606609 - False "UnusedImports" positive in package-info.java
Fixed bug 2645268 - ClassCastException in UselessOperationOnImmutable.getDeclaration
Fixed bug 2724653 - AvoidThreadGroup reports false positives
Fixed bug 2904832 - Type resolution not working for ASTType when using an inner class
Fixed bug 1435751 - XML format does not support UTF-8
Fixed bug 3303811 - Deadlink on "Similar projects" page
Fixed bug 3017616 - Updated documentation regarding Netbeans plugin - thanks to Jesse Glick
Fixed bug 3427563 - Deprecated class (android.util.config) - thanks to Lukas Reschke for the patch
ruleset.dtd and ruleset_xml_schema.xsd added to jar file in rulesets directory
bin and java14/bin scripts:
retroweaver version was not correct in java14/bin scripts
support for extra languages in cpd.sh
standard unix scripts can be used with cygwin
Upgrading UselessOperationOnImmutable to detect more use cases, especially on String and fix false positives
AvoidDuplicateLiteralRule now has 'skipAnnotations' boolean property
Fixed false positive in UnusedImports: javadoc comments are parsed to check @see and other tags
Fixed parsing bug: constant fields in annotation classes
Bug fix: NPE in MoreThanOneLogger
UnnecessaryParentheses now checks all expressions, not just return statements
UnusedFormalParameter now reports violations on the parameter node, not the method/constructor node
Updates to RuleChain to honor RuleSet exclude-pattern
Optimizations and false positive fixes in PreserveStackTrace
@SuppressWarnings("all") disables all warnings
SingularField now checks for multiple fields in the same declaration
Java grammar enhanced to include AnnotationMethodDeclaration as parent node of method related children of AnnotationTypeMemberDeclaration
JavaCC generated artifacts updated to JavaCC 4.1.
Dependencies updates: asm updated to 3.2
Ant requirement is now 1.7.0 or higher for compilation
JUnit testing jar is packaged on 1.7.0+ only in ant binary distributions
Note that the ant task still works with 1.6.0 and higher
All comment types are now stored in ASTCompilationUnit, not just formal ones
Fixed false negative in UselessOverridingMethod
Fixed handling of escape characters in UseIndexOfChar and AppendCharacterWithChar
Fixed ClassCastException on generic method in BeanMembersShouldSerialize
Fixed ClassCastException in symbol table code
Support for Java 1.4 runtime dropped, PMD now requires Java 5 or higher. PMD can still process Java 1.4 source files.
Support for Java 1.7
Text renderer is now silent if there's no violation instead of displaying "No problems found!"
RuleSet short names now require a language prefix, 'basic' is now 'java-basic', and 'rulesets/basic.xml' is now 'rulesets/java/basic.xml'
The JSP RuleSets are now in the 'jsp' language, and are 'jsp-basic', 'jsp-basic-jsf', 'rulesets/jsp/basic.xml' and 'rulesets/jsp/basic-jsp.xml'
Enhanced logging in the ClassTypeResolver to provide more detailed messaging.
AvoidUsingHardCodedIP modified to not use InetAddress.getByName(String), instead does better pattern analysis.
The JSP/JSF parser can now parse Unicode input.
The JSP/JSP parser can now handle <script>...</script> tags. The AST HtmlScript node contains the content.
Added Ecmascript as a supported language for CPD.
The RuleSet XML Schema namespace is now: http://pmd.sourceforge.net/ruleset/2.0.0
The RuleSet XML Schema is located in the source at: etc/ruleset_2_0_0.xs