Old Release Notes

Previous versions of PMD can be downloaded here: Releases - pmd/pmd (GitHub)

31-May-2024 - 7.2.0

The PMD team is pleased to announce PMD 7.2.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
  • Collections exposed as XPath attributes
  • Updated PMD Designer
• 🐛 Fixed Issues
• 🚨 API Changes
  • Deprecated API
• ✨ External Contributions
• 📈 Stats

🚀 New and noteworthy

Collections exposed as XPath attributes

Up to now, all AST node getters would be exposed to XPath, as long as the return type was a primitive (boxed or unboxed), String or Enum. That meant that collections, even of these basic types, were not exposed, so for instance accessing Apex’s ASTUserClass.getInterfaceNames() to list the interfaces implemented by a class was impossible from XPath, and would require writing a Java rule to check it.

Since this release, PMD will also expose any getter returning a collection of any supported type as a sequence through an XPath attribute. They would require to use apropriate XQuery functions to manipulate the sequence. So for instance, to detect any given ASTUserClass in Apex that implements Queueable, it is now possible to write:

/UserClass[@InterfaceNames = 'Queueable']

Updated PMD Designer

This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog (7.2.0).

🐛 Fixed Issues

• core
  • #4467: [core] Expose collections from getters as XPath sequence attributes
  • #4978: [core] Referenced Rulesets do not emit details on validation errors
  • #4983: [cpd] Fix CPD crashes about unicode escapes
  • #5009: [core] Kotest tests aren’t picked up by surefire
• java
  • #4912: [java] Unable to parse some Java9+ resource references
  • #4973: [java] Stop parsing Java for CPD
  • #4980: [java] Bad intersection, unrelated class types java.lang.Object[] and java.lang.Number
  • #4988: [java] Fix impl of ASTVariableId::isResourceDeclaration / VariableId/@ResourceDeclaration
  • #4990: [java] Add an attribute @PackageQualifier to ASTClassType
  • #5006: [java] Bad intersection, unrelated class types Child and Parent<? extends Child>
  • #5029: [java] PMD 7.x throws stack overflow in TypeOps$ProjectionVisitor while parsing a Java class
• java-bestpractices
  • #4278: [java] UnusedPrivateMethod FP with Junit 5 @MethodSource and default factory method name
  • #4852: [java] ReplaceVectorWithList false-positive (neither Vector nor List usage)
  • #4975: [java] UnusedPrivateMethod false positive when using @MethodSource on a @Nested test
  • #4985: [java] UnusedPrivateMethod false-positive / method reference in combination with custom object
• java-codestyle
  • #1619: [java] LocalVariableCouldBeFinal on ‘size’ variable in for loop
  • #3122: [java] LocalVariableCouldBeFinal should consider blank local variables
  • #4903: [java] UnnecessaryBoxing, but explicit conversion is necessary
  • #4924: [java] UnnecessaryBoxing false positive in PMD 7.0.0 in lambda
  • #4930: [java] EmptyControlStatement should not allow empty try with concise resources
  • #4954: [java] LocalVariableNamingConventions should allow unnamed variables by default
  • #5028: [java] FormalParameterNamingConventions should accept unnamed parameters by default
• java-errorprone
  • #4042: [java] A false negative about the rule StringBufferInstantiationWithChar
  • #5007: [java] AvoidUsingOctalValues triggers on non-octal double literals with a leading 0
• java-multithreading
  • #2368: [java] False positive UnsynchronizedStaticFormatter in static initializer

🚨 API Changes

Deprecated API

• pmd-java
  • ASTResource#getStableName and the corresponding attribute @StableName

✨ External Contributions

• #5020: [java] Fix AvoidUsingOctalValues false-positive - Gold856 (@Gold856)

📈 Stats

• 152 commits
• 46 closed tickets & PRs
• Days since last release: 35

26-April-2024 - 7.1.0

The PMD team is pleased to announce PMD 7.1.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
  • More robust CPD reports
  • ✨ New Rules
  • 🌟 Rule Changes
• 🐛 Fixed Issues
• 🚨 API Changes
  • Deprecated methods
• ✨ External Contributions
• 📈 Stats

🚀 New and noteworthy

More robust CPD reports

There were a number of circumstances, specially around (but not limited to) literal sequences, were CPD would report duplicate overlapping or partially overlapping matches. These have now been fixed, and CPD will report only the longest non-overlapping duplicate.

These improvements apply to all supported languages, irrespective of supported flags.

✨ New Rules

• The new Java rule UnnecessaryVarargsArrayCreation reports explicit array creation when a varargs is expected. This is more heavy to read and could be simplified.
• The new Java rule ConfusingArgumentToVarargsMethod reports some confusing situations where a varargs method is called with an inexact argument type. These may end up in a mismatch between the expected parameter type and the actual value.
• The new Java rule LambdaCanBeMethodReference reports lambda expressions that can be replaced with a method reference. Please read the documentation of the rule for more info. This rule is now part of the Quickstart ruleset.

🌟 Rule Changes

• JUnitTestsShouldIncludeAssert and JUnitTestContainsTooManyAsserts have a new property named extraAssertMethodNames. With this property, you can configure which additional static methods should be considered as valid verification methods. This allows to use custom mocking or assertion libraries.

🐛 Fixed Issues

• core
  • #494: [core] Adopt JApiCmp to enforce control over API changes
  • #4942: [core] CPD: --skip-duplicate-files has no effect (7.0.0 regression)
  • #4959: [core] Upgrade saxon to 12.4
• cli
  • #4791: [cli] Could not find or load main class
  • #4913: [cli] cpd-gui closes immediately
• doc
  • #4901: [doc] Improve documentation on usage of violationSuppressXPath
• apex
  • #4418: [apex] ASTAnnotation.getImage() does not return value as written in the class
• apex-errorprone
  • #3953: [apex] EmptyCatchBlock false positive with formal (doc) comments
• cpp
  • #2438: [cpp] Repeated Duplication blocks
• java
  • #4899: [java] Parsing failed in ParseLock#doParse() java.io.IOException: Stream closed
  • #4902: [java] “Bad intersection, unrelated class types” for Constable[] and Enum[]
  • #4947: [java] Broken TextBlock parser
• java-bestpractices
  • #1084: [java] Allow JUnitTestsShouldIncludeAssert to configure verification methods
  • #3216: [java] New rule: UnnecessaryVarargsArrayCreation
  • #4435: [java] [7.0-rc1] UnusedAssignment for used field
  • #4569: [java] ForLoopCanBeForeach reports on loop for (int i = 0; i < list.size(); i += 2)
  • #4618: [java] UnusedAssignment false positive with conditional assignments of fields
• java-codestyle
  • #4602: [java] UnnecessaryImport: false positives with static imports
  • #4785: [java] False Positive: PMD Incorrectly report violation for UnnecessaryImport
  • #4779: [java] Examples in documentation of MethodArgumentCanBeFinal do not trigger the rule
  • #4881: [java] ClassNamingConventions: interfaces are identified as abstract classes (regression in 7.0.0)
• java-design
  • #2440: [java] FinalFieldCouldBeStatic FN when the right side of the assignment is a constant expression
  • #3694: [java] SingularField ignores static variables
  • #4873: [java] AvoidCatchingGenericException: Can no longer suppress on the exception itself
• java-errorprone
  • #2056: [java] CloseResource false-positive with URLClassLoader in cast expression
  • #4751: [java] PMD crashes when analyzing CloseResource Rule
  • #4928: [java] EmptyCatchBlock false negative when allowCommentedBlocks=true
  • #4948: [java] ImplicitSwitchFallThrough: False-positive with nested switch statements
• java-performance
  • #3845: [java] InsufficientStringBufferDeclaration should consider literal expression
  • #4874: [java] StringInstantiation: False-positive when using new String(charArray)
  • #4886: [java] BigIntegerInstantiation: False Positive with Java 17 and BigDecimal.TWO
• pom-errorprone
  • #4388: [pom] InvalidDependencyTypes doesn’t consider dependencies at all
• misc
  • #4967: Fix reproducible build issues with 7.0.0

🚨 API Changes

Deprecated methods

• pmd-java
  • ASTLambdaExpression#getBlock and ASTLambdaExpression#getExpression
  • SingularFieldRule#mayBeSingular has been deprecated for removal. The method is only useful for the rule itself and shouldn’t be used otherwise.

✨ External Contributions

• #4864: Fix #1084 [Java] add extra assert method names to Junit rules - Erwan Moutymbo (@emouty)
• #4894: Fix #4791 Error caused by space in JDK path - Scrates1 (@Scrates1)

📈 Stats

• 205 commits
• 71 closed tickets & PRs
• Days since last release: 34

22-March-2024 - 7.0.0

🎉 After a long time, we’re excited to bring you now the next major version of PMD! 🎉

Since this is a big release, we provide here only a concise version of the release notes. We prepared a separate page with the full Detailed Release Notes for PMD 7.0.0.

🤝🙏 Many thanks to all users and contributors who were testing the release candidates and provided feedback and/or PRs!

✨ PMD 7…

• …has a new logo
• …analyzes Java 21 and Java 22 projects with even better type resolution and symbol table support
• …analyzes Kotlin and Swift
• …analyzes Apex with a new parser
• …finds duplicated code in Coco, Julia, TypeScript
• …ships 11 new rules and tons of improvements for existing rules
• …provides a new CLI interface with progress bar
• …supports Antlr based languages
• …and many more enhancements

💥 Note: Since PMD 7 is a major release, it is not a drop-in replacement for PMD 6.55.0. A detailed documentation of required changes are available in the Migration Guide for PMD 7.

<dependency>
  <groupId>net.sourceforge.pmd</groupId>
  <artifactId>pmd-compat6</artifactId>
  <version>${pmdVersion}</version>
</dependency>

export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-22-preview ...

export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-22-preview ...

30-September-2023 - 7.0.0-rc4

We’re excited to bring you the next major version of PMD!

Since this is a big release, we provide here only a concise version of the release notes. We prepared a separate page with the full Detailed Release Notes for PMD 7.0.0.

Table Of Contents

• Changes since 7.0.0-rc3
  • New and Noteworthy
    • Migration Guide for PMD 7
    • Apex Jorje Updated
    • Java 21 Support
  • Fixed issues
  • API Changes
    • pmd-java
    • Rule properties
    • New Programmatic API for CPD
    • Removed classes and methods
    • Moved packages
    • Changed types and other changes
    • Internal APIs
    • Deprecated API
    • Experimental APIs
  • External Contributions
• 🚀 Major Features and Enhancements
  • New official logo
  • Revamped Java module
  • Revamped Command Line Interface
  • Full Antlr support
  • Updated PMD Designer
  • New CPD report format cpdhtml-v2.xslt
• 🎉 Language Related Changes
  • New: Swift support
  • New: Kotlin support (experimental)
  • New: CPD support for TypeScript
  • New: CPD support for Julia
  • New: CPD support for Coco
  • New: Java 21 Support
  • Changed: JavaScript support
  • Changed: Language versions
  • Changed: CPP can now ignore identifiers in sequences (CPD)
  • Changed: Apex Jorje Updated
  • Changed: Rule properties
• 🌟 New and changed rules
  • New Rules
  • Changed Rules
  • Removed Rules
• 🚨 API
• 💥 Compatibility and migration notes
• 🐛 Fixed Issues
• ✨ External Contributions
• 📈 Stats

Changes since 7.0.0-rc3

This section lists the most important changes from the last release candidate. The remaining section describes the complete release notes for 7.0.0.

New and Noteworthy

Migration Guide for PMD 7

A detailed documentation of required changes are available in the Migration Guide for PMD 7.

Apex Jorje Updated

With the new version of Apex Jorje, the new language constructs like User Mode Database Operations can be parsed now. PMD should now be able to parse Apex code up to version 59.0 (Winter ‘23).

Java 21 Support

This release of PMD brings support for Java 21. There are the following new standard language features, that are supported now:

• JEP 440: Record Patterns
• JEP 441: Pattern Matching for switch

PMD also supports the following preview language features:

• JEP 430: String Templates (Preview)
• JEP 443: Unnamed Patterns and Variables (Preview)
• JEP 445: Unnamed Classes and Instance Main Methods (Preview)

In order to analyze a project with PMD that uses these language features, you’ll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language version 21-preview:

export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-21-preview ...

Note: Support for Java 19 preview language features have been removed. The version “19-preview” is no longer available.

Fixed issues

• miscellaneous
  • #4582: [dist] Download link broken
  • #4691: [CVEs] Critical and High CEVs reported on PMD and PMD dependencies
• core
  • #1204: [core] Allow numeric properties in XML to be within an unbounded range
  • #3919: [core] Merge CPD and PMD language
  • #4204: [core] Provide a CpdAnalysis class as a programmatic entry point into CPD
  • #4301: [core] Remove deprecated property concrete classes
  • #4302: [core] Migrate Property Framework API to Java 8
  • #4323: [core] Refactor CPD integration
  • #4397: [core] Refactor CPD
  • #4611: [core] Fix loading language properties from env vars
  • #4621: [core] Make ClasspathClassLoader::getResource child first
• cli
  • #4423: [cli] Fix NPE when only --file-list is specified
• doc
  • #4294: [doc] Migration Guide for upgrading PMD 6 ➡️ 7
  • #4303: [doc] Document new property framework
  • #4521: [doc] Website is not mobile friendly
• apex
  • #3973: [apex] Update parser to support new ‘as user’ keywords (User Mode for Database Operations)
  • #4453: [apex] [7.0-rc1] Exception while initializing Apexlink (Index 34812 out of bounds for length 34812)
• apex-design
  • #4596: [apex] ExcessivePublicCount ignores properties
• apex-security
  • #4646: [apex] ApexSOQLInjection does not recognise SObjectType or SObjectField as safe variable types
• java
  • #4401: [java] PMD 7 fails to build under Java 19
  • #4583: [java] Support JDK 21 (LTS)
• java-bestpractices
  • #4634: [java] JUnit4TestShouldUseTestAnnotation false positive with TestNG

API Changes

pmd-java

• Support for Java 19 preview language features have been removed. The version “19-preview” is no longer available.

Rule properties

• The old deprecated classes like IntProperty and StringProperty have been removed. Please use PropertyFactory to create properties.
• All properties which accept multiple values now use a comma (,) as a delimiter. The previous default was a pipe character (|). The delimiter is not configurable anymore. If needed, the comma can be escaped with a backslash.
• The min and max attributes in property definitions in the XML are now optional and can appear separately or be omitted.

New Programmatic API for CPD

See Detailed Release Notes for PMD 7 and PR #4397 for details.

Removed classes and methods

The following previously deprecated classes have been removed:

• pmd-core
  • net.sourceforge.pmd.cpd.AbstractTokenizer ➡️ use AnyTokenizer instead
  • net.sourceforge.pmd.cpd.CPD ➡️ use PmdCli from pmd-cli module for CLI support or use CpdAnalysis for programmatic API
  • net.sourceforge.pmd.cpd.GridBagHelper (now package private)
  • net.sourceforge.pmd.cpd.TokenEntry.State
  • net.sourceforge.pmd.lang.document.CpdCompat
  • net.sourceforge.pmd.properties.BooleanMultiProperty
  • net.sourceforge.pmd.properties.BooleanProperty
  • net.sourceforge.pmd.properties.CharacterMultiProperty
  • net.sourceforge.pmd.properties.CharacterProperty
  • net.sourceforge.pmd.properties.DoubleMultiProperty
  • net.sourceforge.pmd.properties.DoubleProperty
  • net.sourceforge.pmd.properties.EnumeratedMultiProperty
  • net.sourceforge.pmd.properties.EnumeratedProperty
  • net.sourceforge.pmd.properties.EnumeratedPropertyDescriptor
  • net.sourceforge.pmd.properties.FileProperty (note: without replacement)
  • net.sourceforge.pmd.properties.FloatMultiProperty
  • net.sourceforge.pmd.properties.FloatProperty
  • net.sourceforge.pmd.properties.IntegerMultiProperty
  • net.sourceforge.pmd.properties.IntegerProperty
  • net.sourceforge.pmd.properties.LongMultiProperty
  • net.sourceforge.pmd.properties.LongProperty
  • net.sourceforge.pmd.properties.MultiValuePropertyDescriptor
  • net.sourceforge.pmd.properties.NumericPropertyDescriptor
  • net.sourceforge.pmd.properties.PropertyDescriptorField
  • net.sourceforge.pmd.properties.RegexProperty
  • net.sourceforge.pmd.properties.SingleValuePropertyDescriptor
  • net.sourceforge.pmd.properties.StringMultiProperty
  • net.sourceforge.pmd.properties.StringProperty
  • net.sourceforge.pmd.properties.ValueParser
  • net.sourceforge.pmd.properties.ValueParserConstants
  • net.sourceforge.pmd.properties.builders.MultiNumericPropertyBuilder
  • net.sourceforge.pmd.properties.builders.MultiPackagedPropertyBuilder
  • net.sourceforge.pmd.properties.builders.MultiValuePropertyBuilder
  • net.sourceforge.pmd.properties.builders.PropertyDescriptorBuilder
  • net.sourceforge.pmd.properties.builders.PropertyDescriptorBuilderConversionWrapper
  • net.sourceforge.pmd.properties.builders.PropertyDescriptorExternalBuilder
  • net.sourceforge.pmd.properties.builders.SingleNumericPropertyBuilder
  • net.sourceforge.pmd.properties.builders.SinglePackagedPropertyBuilder
  • net.sourceforge.pmd.properties.builders.SingleValuePropertyBuilder
  • net.sourceforge.pmd.properties.modules.EnumeratedPropertyModule
  • net.sourceforge.pmd.properties.modules.NumericPropertyModule

The following previously deprecated methods have been removed:

• pmd-core
  • net.sourceforge.pmd.properties.PropertyBuilder.GenericCollectionPropertyBuilder#delim(char)
  • net.sourceforge.pmd.properties.PropertySource#setProperty(...)
  • net.sourceforge.pmd.properties.internal.PropertyTypeId#factoryFor(...)
  • net.sourceforge.pmd.properties.internal.PropertyTypeId#typeIdFor(...)
  • net.sourceforge.pmd.properties.PropertyDescriptor: removed methods errorFor, type, isMultiValue, uiOrder, compareTo, isDefinedExternally, valueFrom, asDelimitedString

The following methods have been removed:

• pmd-core
  • CPDConfiguration
    • #sourceCodeFor(File), #postConstruct(), #tokenizer(), #filenameFilter() removed
  • Mark
    • #getSourceSlice(), #setLineCount(int), #getLineCount(), #setSourceCode(SourceCode) removed
    • #getBeginColumn(), #getBeginLine(), #getEndLine(), #getEndColumn() removed ➡️ use getLocation instead
  • Match
    • #LABEL_COMPARATOR removed
    • #setMarkSet(...), #setLabel(...), #getLabel(), #addTokenEntry(...) removed
    • #getSourceCodeSlice() removed ➡️ use CPDReport#getSourceCodeSlice instead
  • TokenEntry
    • #getEOF(), #clearImages(), #getIdentifier(), #getIndex(), #setHashCode(int) removed
    • #EOF removed ➡️ use isEof instead
  • Parser.ParserTask
    • #getFileDisplayName() removed ➡️ use getFileId instead (getFileId().getAbsolutePath())

The following classes have been removed:

• pmd-core
  • net.sourceforge.pmd.cpd.AbstractLanguage
  • net.sourceforge.pmd.cpd.AnyLanguage
  • net.sourceforge.pmd.cpd.Language
  • net.sourceforge.pmd.cpd.LanguageFactory
  • net.sourceforge.pmd.cpd.MatchAlgorithm (now package private)
  • net.sourceforge.pmd.cpd.MatchCollector (now package private)
  • net.sourceforge.pmd.cpd.SourceCode (and all inner classes like FileCodeLoader, …)
  • net.sourceforge.pmd.cpd.token.TokenFilter

Moved packages

• pmd-core
  • NumericConstraints (old package: net.sourceforge.pmd.properties.constraints.NumericConstraints)
  • PropertyConstraint (old package: net.sourceforge.pmd.properties.constraints.PropertyConstraint)
    • not experimental anymore
  • ReportException (old package: net.sourceforge.pmd.cpd, moved to module pmd-ant)
    • it is now a RuntimeException
  • CPDReportRenderer (old package: net.sourceforge.pmd.cpd.renderer)
  • AntlrTokenFilter (old package: net.sourceforge.pmd.cpd.token)
  • BaseTokenFilter (old package: net.sourceforge.pmd.cpd.token.internal)
  • JavaCCTokenFilter (old package: net.sourceforge.pmd.cpd.token)

Changed types and other changes

• pmd-core
  • PropertyDescriptor is now a class (was an interface) and it is not comparable anymore.
  • AbstractConfiguration#setSourceEncoding
    • previously this method took a simple String for the encoding.
  • PmdConfiguration and CPDConfiguration
    • many getters and setters have been moved to the parent class AbstractConfiguration
  • CPDListener#addedFile
    • no File parameter anymore
  • CPDReport#getNumberOfTokensPerFile returns a Map of FileId,Integer instead of String
  • CPDReport#filterMatches now takes a java.util.function.Predicate as parameter
  • Tokenizer
    • constants are now PropertyDescriptor instead of String, to be used as language properties
    • tokenize changed parameters. Now takes a TextDocument and a TokenFactory (instead of SourceCode and Tokens)
  • Language
    • method #createProcessor(LanguagePropertyBundle) moved to PmdCapableLanguage
  • StringUtil#linesWithTrimIndent now takes a Chars instead of a String.
• All language modules (like pmd-apex, pmd-cpp, …)
  • consistent package naming: net.sourceforge.pmd.lang.<langId>.cpd
  • adapted to use CpdCapableLanguage
  • consistent static method #getInstance()
  • removed constants like ID, TERSE_NAME or NAME. Use getInstance().getName() etc. instead

Internal APIs

• Tokens
• PropertyTypeId

Deprecated API

• Language#getTerseName ➡️ use getId instead

• The method ASTPattern#getParenthesisDepth has been deprecated and will be removed. It was introduced for supporting parenthesized patterns, but that was removed with Java 21. It is only used when parsing code as java-19-preview.

Experimental APIs

• To support the Java preview language features “String Templates” and “Unnamed Patterns and Variables”, the following AST nodes have been introduced as experimental:
  • ASTTemplateExpression
  • ASTTemplate
  • ASTTemplateFragment
  • ASTUnnamedPattern
• The AST nodes for supporting “Record Patterns” and “Pattern Matching for switch” are not experimental anymore:
  • ASTRecordPattern
  • ASTPatternList (Note: it was renamed from ASTComponentPatternList)
  • ast (Note: it was renamed from ASTSwitchGuard)

External Contributions

• #4528: [apex] Update to apexlink - Kevin Jones (@nawforce)
• #4637: [java] fix #4634 - JUnit4TestShouldUseTestAnnotation false positive with TestNG - Krystian Dabrowski (@krdabrowski)
• #4649: [apex] Add SObjectType and SObjectField to list of injectable SOQL variable types - Richard Corfield (@rcorfieldffdc)
• #4651: [doc] Add “Tencent Cloud Code Analysis” in Tools / Integrations - yale (@cyw3)
• #4664: [cli] CPD: Fix NPE when only --file-list is specified - Wener (@wener-tiobe)
• #4665: [java] Doc: Fix references AutoClosable -> AutoCloseable - Andrey Bozhko (@AndreyBozhko)

🚀 Major Features and Enhancements

New official logo

The new official logo of PMD:

Revamped Java module

• Java grammar substantially refactored - more correct regarding the Java Language Specification (JLS)
• Built-in rules have been upgraded for the changed AST
• Rewritten type resolution framework and symbol table correctly implements the JLS
• AST exposes more semantic information (method calls, field accesses)

For more information, see the Detailed Release Notes for PMD 7.

Contributors: Clément Fournier (@oowekyala), Andreas Dangel (@adangel), Juan Martín Sotuyo Dodero (@jsotuyod)

Revamped Command Line Interface

• unified and consistent Command Line Interface for both Linux/Unix and Windows across our different utilities
• single script pmd (pmd.bat for Windows) to launch the different utilities:
  • pmd check to run PMD rules and analyze a project
  • pmd cpd to run CPD (copy paste detector)
  • pmd designer to run the PMD Rule Designer
• progress bar support for pmd check
• shell completion

For more information, see the Detailed Release Notes for PMD 7.

Contributors: Juan Martín Sotuyo Dodero (@jsotuyod)

Full Antlr support

• Antlr based grammars can now be used to build full-fledged PMD rules.
• Previously, Antlr grammar could only be used for CPD
• New supported languages: Swift and Kotlin

For more information, see the Detailed Release Notes for PMD 7.

Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)

Updated PMD Designer

This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.

New CPD report format cpdhtml-v2.xslt

Thanks to @mohan-chinnappan-n a new CPD report format has been added which features a data table. It uses an XSLT stylesheet to convert CPD’s XML format into HTML.

See the example report.

🎉 Language Related Changes

Note that this is just a concise listing of the highlight. For more information on the languages, see the Detailed Release Notes for PMD 7.

New: Swift support

• use PMD to analyze Swift code with PMD rules
• initially 4 built-in rules

Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)

New: Kotlin support (experimental)

• use PMD to analyze Kotlin code with PMD rules
• Support for Kotlin 1.8 grammar
• initially 2 built-in rules

New: CPD support for TypeScript

Thanks to a contribution, CPD now supports the TypeScript language. It is shipped with the rest of the JavaScript support in the module pmd-javascript.

Contributors: Paul Guyot (@pguyot)

New: CPD support for Julia

Thanks to a contribution, CPD now supports the Julia language. It is shipped in the new module pmd-julia.

Contributors: Wener (@wener-tiobe)

New: CPD support for Coco

Thanks to a contribution, CPD now supports Coco, a modern programming language designed specifically for building event-driven software. It is shipped in the new module pmd-coco.

Contributors: Wener (@wener-tiobe)

New: Java 21 Support

This release of PMD brings support for Java 21. There are the following new standard language features, that are supported now:

• JEP 440: Record Patterns
• JEP 441: Pattern Matching for switch

PMD also supports the following preview language features:

• JEP 430: String Templates (Preview)
• JEP 443: Unnamed Patterns and Variables (Preview)
• JEP 445: Unnamed Classes and Instance Main Methods (Preview)

In order to analyze a project with PMD that uses these language features, you’ll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language version 21-preview:

export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-21-preview ...

Note: Support for Java 19 preview language features have been removed. The version “19-preview” is no longer available.

Changed: JavaScript support

• latest version supports ES6 and also some new constructs (see Rhino])
• comments are retained

Changed: Language versions

• more predefined language versions for each supported language
• can be used to limit rule execution for specific versions only with minimumLanguageVersion and maximumLanguageVersion attributes.

Changed: CPP can now ignore identifiers in sequences (CPD)

• new command line option for CPD: --ignore-sequences.
• This option is used for CPP only: with the already existing option --ignore-literal-sequences, only literals were ignored. The new option additional ignores identifiers as well in sequences.
• See PR #4470 for details.

Changed: Apex Jorje Updated

With the new version of Apex Jorje, the new language constructs like User Mode Database Operations can be parsed now. PMD should now be able to parse Apex code up to version 59.0 (Winter ‘23).

Changed: Rule properties

• The old deprecated classes like IntProperty and StringProperty have been removed. Please use PropertyFactory to create properties.
• All properties which accept multiple values now use a comma (,) as a delimiter. The previous default was a pipe character (|). The delimiter is not configurable anymore. If needed, the comma can be escaped with a backslash.
• The min and max attributes in property definitions in the XML are now optional and can appear separately or be omitted.

🌟 New and changed rules

New Rules

Apex

• UnusedMethod finds unused methods in your code.

Java

• UnnecessaryBoxing reports boxing and unboxing conversions that may be made implicit.

Kotlin

• FunctionNameTooShort
• OverrideBothEqualsAndHashcode

Swift

• ProhibitedInterfaceBuilder
• UnavailableFunction
• ForceCast
• ForceTry

Changed Rules

General changes

• All statistical rules (like ExcessiveClassLength, ExcessiveParameterList) have been simplified and unified. The properties topscore and sigma have been removed. The property minimum is still there, however the type is not a decimal number anymore but has been changed to an integer. This affects rules in the languages Apex, Java, PLSQL and Velocity Template Language (vm):
  • Apex: ExcessiveClassLength, ExcessiveParameterList, ExcessivePublicCount, NcssConstructorCount, NcssMethodCount, NcssTypeCount
  • Java: ExcessiveImports, ExcessiveParameterList, ExcessivePublicCount, SwitchDensity
  • PLSQL: ExcessiveMethodLength, ExcessiveObjectLength, ExcessivePackageBodyLength, ExcessivePackageSpecificationLength, ExcessiveParameterList, ExcessiveTypeLength, NcssMethodCount, NcssObjectCount, NPathComplexity
  • VM: ExcessiveTemplateLength
• The general property violationSuppressXPath which is available for all rules to suppress warnings now uses XPath version 3.1 by default. This version of the XPath language is mostly identical to XPath 2.0. In PMD 6, XPath 1.0 has been used. If you upgrade from PMD 6, you need to verify your violationSuppressXPath properties.

Apex General changes

• The properties cc_categories, cc_remediation_points_multiplier, cc_block_highlighting have been removed from all rules. These properties have been deprecated since PMD 6.13.0. See issue #1648 for more details.

Java General changes

• Violations reported on methods or classes previously reported the line range of the entire method or class. With PMD 7.0.0, the reported location is now just the identifier of the method or class. This affects various rules, e.g. CognitiveComplexity.

  The report location is controlled by the overrides of the method getReportLocation in different node types.

  See issue #4439 and issue #730 for more details.

Java Best Practices

• ArrayIsStoredDirectly: Violations are now reported on the assignment and not anymore on the formal parameter. The reported line numbers will probably move.
• AvoidReassigningLoopVariables: This rule might not report anymore all reassignments of the control variable in for-loops when the property forReassign is set to skip. See issue #4500 for more details.
• LooseCoupling: The rule has a new property to allow some types to be coupled to (allowedTypes).
• UnusedLocalVariable: This rule has some important false-negatives fixed and finds many more cases now. For details see issues #2130, #4516, and #4517.

Java Codestyle

• MethodNamingConventions: The property checkNativeMethods has been removed. The property was deprecated since PMD 6.3.0. Use the property nativePattern to control whether native methods should be considered or not.
• ShortVariable: This rule now also reports short enum constant names.
• UseDiamondOperator: The property java7Compatibility has been removed. The rule now handles Java 7 properly without a property.
• UnnecessaryFullyQualifiedName: The rule has two new properties, to selectively disable reporting on static field and method qualifiers. The rule also has been improved to be more precise.
• UselessParentheses: The rule has two new properties which control how strict the rule should be applied. With ignoreClarifying (default: true) parentheses that are strictly speaking not necessary are allowed, if they separate expressions of different precedence. The other property ignoreBalancing (default: true) is similar, in that it allows parentheses that help reading and understanding the expressions.

Java Design

• CyclomaticComplexity: The property reportLevel has been removed. The property was deprecated since PMD 6.0.0. The report level can now be configured separated for classes and methods using classReportLevel and methodReportLevel instead.
• ImmutableField: The property ignoredAnnotations has been removed. The property was deprecated since PMD 6.52.0.
• LawOfDemeter: The rule has a new property trustRadius. This defines the maximum degree of trusted data. The default of 1 is the most restrictive.
• NPathComplexity: The property minimum has been removed. It was deprecated since PMD 6.0.0. Use the property reportLevel instead.
• SingularField: The properties checkInnerClasses and disallowNotAssignment have been removed. The rule is now more precise and will check these cases properly.
• UseUtilityClass: The property ignoredAnnotations has been removed.

Java Documentation

• CommentContent: The properties caseSensitive and disallowedTerms are removed. The new property forbiddenRegex can be used now to define the disallowed terms with a single regular expression.
• CommentRequired:
  • Overridden methods are now detected even without the @Override annotation. This is relevant for the property methodWithOverrideCommentRequirement. See also pull request #3757.
  • Elements in annotation types are now detected as well. This might lead to an increased number of violations for missing public method comments.
• CommentSize: When determining the line-length of a comment, the leading comment prefix markers (e.g. * or //) are ignored and don’t add up to the line-length. See also pull request #4369.

Java Error Prone

• AvoidDuplicateLiterals: The property exceptionfile has been removed. The property was deprecated since PMD 6.10.0. Use the property exceptionList instead.
• DontImportSun: sun.misc.Signal is not special-cased anymore.
• EmptyCatchBlock: CloneNotSupportedException and InterruptedException are not special-cased anymore. Rename the exception parameter to ignored to ignore them.
• ImplicitSwitchFallThrough: Violations are now reported on the case statements rather than on the switch statements. This is more accurate but might result in more violations now.

Removed Rules

Many rules, that were previously deprecated have been finally removed. See Detailed Release Notes for PMD 7 for the complete list.

🚨 API

The API of PMD has been growing over the years and needed some cleanup. The goal is, to have a clear separation between a well-defined API and the implementation, which is internal. This should help us in future development.

Also, there are some improvement and changes in different areas. For the detailed description of the changes listed here, see Detailed Release Notes for PMD 7.

• Miscellaneous smaller changes and cleanups
• XPath 3.1 support for XPath-based rules
• Node stream API for AST traversal
• Metrics framework
• Testing framework
• Language Lifecycle and Language Properties
• Rule Properties
• New Programmatic API for CPD

💥 Compatibility and migration notes

A detailed documentation of required changes are available in the Migration Guide for PMD 7.

See also Detailed Release Notes for PMD 7.

🐛 Fixed Issues

• miscellaneous
  • #881: [all] Breaking API changes for 7.0.0
  • #896: [all] Use slf4j
  • #1431: [ui] Remove old GUI applications (designerold, bgastviewer)
  • #1451: [core] RulesetFactoryCompatibility stores the whole ruleset file in memory as a string
  • #2496: Update PMD 7 Logo on landing page
  • #2497: PMD 7 Logo page
  • #2498: Update PMD 7 Logo in documentation
  • #3797: [all] Use JUnit5
  • #4462: Provide Software Bill of Materials (SBOM)
  • #4460: Fix assembly-plugin warnings
  • #4582: [dist] Download link broken
  • #4691: [CVEs] Critical and High CEVs reported on PMD and PMD dependencies
• ant
  • #4080: [ant] Split off Ant integration into a new submodule
• core
  • #880: [core] Make visitors generic
  • #1204: [core] Allow numeric properties in XML to be within an unbounded range
  • #1622: [core] NodeStream API
  • #1687: [core] Deprecate and Remove XPath 1.0 support
  • #1785: [core] Allow abstract node types to be valid rulechain visits
  • #1825: [core] Support NoAttribute for XPath
  • #2038: [core] Remove DCD
  • #2218: [core] isFindBoundary should not be an attribute
  • #2234: [core] Consolidate PMD CLI into a single command
  • #2239: [core] Merging Javacc build scripts
  • #2500: [core] Clarify API for ANTLR based languages
  • #2518: [core] Language properties
  • #2602: [core] Remove ParserOptions
  • #2614: [core] Upgrade Saxon, add XPath 3.1, remove Jaxen
  • #2696: [core] Remove DFA
  • #2821: [core] Rule processing error filenames are missing paths
  • #2873: [core] Utility classes in pmd 7
  • #2885: [core] Error recovery mode
  • #3203: [core] Replace RuleViolationFactory implementations with ViolationDecorator
  • #3692: [core] Analysis listeners
  • #3782: [core] Language lifecycle
  • #3815: [core] Update Saxon HE to 10.7
  • #3893: [core] Text documents
  • #3902: [core] Violation decorators
  • #3918: [core] Make LanguageRegistry non static
  • #3919: [core] Merge CPD and PMD language
  • #3922: [core] Better error reporting for the ruleset parser
  • #4035: [core] ConcurrentModificationException in DefaultRuleViolationFactory
  • #4120: [core] Explicitly name all language versions
  • #4204: [core] Provide a CpdAnalysis class as a programmatic entry point into CPD
  • #4301: [core] Remove deprecated property concrete classes
  • #4302: [core] Migrate Property Framework API to Java 8
  • #4323: [core] Refactor CPD integration
  • #4353: [core] Micro optimizations for Node API
  • #4365: [core] Improve benchmarking
  • #4397: [core] Refactor CPD
  • #4420: [core] Remove PMD.EOL
  • #4425: [core] Replace TextFile::pathId
  • #4454: [core] “Unknown option: ‘-min’” but is referenced in documentation
  • #4611: [core] Fix loading language properties from env vars
  • #4621: [core] Make ClasspathClassLoader::getResource child first
• cli
  • #2234: [core] Consolidate PMD CLI into a single command
  • #3828: [core] Progress reporting
  • #4079: [cli] Split off CLI implementation into a pmd-cli submodule
  • #4423: [cli] Fix NPE when only --file-list is specified
  • #4482: [cli] pmd.bat can only be executed once
  • #4484: [cli] ast-dump with no properties produce an NPE
• doc
  • #2501: [doc] Verify ANTLR Documentation
  • #4294: [doc] Migration Guide for upgrading PMD 6 ➡️ 7
  • #4303: [doc] Document new property framework
  • #4438: [doc] Documentation links in VS Code are outdated
  • #4521: [doc] Website is not mobile friendly
• testing
  • #2435: [test] Remove duplicated Dummy language module
  • #4234: [test] Tests that change the logging level do not work

Language specific fixes:

• apex
  • #1937: [apex] Apex should only have a single RootNode
  • #1648: [apex,vf] Remove CodeClimate dependency
  • #1750: [apex] Remove apex statistical rules
  • #2836: [apex] Remove Apex ProjectMirror
  • #3973: [apex] Update parser to support new ‘as user’ keywords (User Mode for Database Operations)
  • #4427: [apex] ApexBadCrypto test failing to detect inline code
  • #4453: [apex] [7.0-rc1] Exception while initializing Apexlink (Index 34812 out of bounds for length 34812)
• apex-design
  • #2667: [apex] Integrate nawforce/ApexLink to build robust Unused rule
  • #4509: [apex] ExcessivePublicCount doesn’t consider inner classes correctly
  • #4596: [apex] ExcessivePublicCount ignores properties
• apex-security
  • #4646: [apex] ApexSOQLInjection does not recognise SObjectType or SObjectField as safe variable types
• java
  • #520: [java] Allow @SuppressWarnings with constants instead of literals
  • #864: [java] Similar/duplicated implementations for determining FQCN
  • #905: [java] Add new node for anonymous class declaration
  • #910: [java] AST inconsistency between primitive and reference type arrays
  • #997: [java] Java8 parsing corner case with annotated array types
  • #998: [java] AST inconsistencies around FormalParameter
  • #1019: [java] Breaking Java Grammar changes for PMD 7.0.0
  • #1124: [java] ImmutableList implementation in the qname codebase
  • #1128: [java] Improve ASTLocalVariableDeclaration
  • #1150: [java] ClassOrInterfaceType AST improvements
  • #1207: [java] Resolve explicit types using FQCNs, without hitting the classloader
  • #1367: [java] Parsing error on annotated inner class
  • #1661: [java] About operator nodes
  • #2366: [java] Remove qualified names
  • #2819: [java] GLB bugs in pmd 7
  • #3642: [java] Parse error on rare extra dimensions on method return type on annotation methods
  • #3763: [java] Ambiguous reference error in valid code
  • #3749: [java] Improve isOverridden in ASTMethodDeclaration
  • #3750: [java] Make symbol table support instanceof pattern bindings
  • #3752: [java] Expose annotations in symbol API
  • #4237: [java] Cleanup handling of Java comments
  • #4317: [java] Some AST nodes should not be TypeNodes
  • #4359: [java] Type resolution fails with NPE when the scope is not a type declaration
  • #4367: [java] Move testrule TypeResTest into internal
  • #4383: [java] IllegalStateException: Object is not an array type!
  • #4401: [java] PMD 7 fails to build under Java 19
  • #4405: [java] Processing error with ArrayIndexOutOfBoundsException
  • #4583: [java] Support JDK 21 (LTS)
• java-bestpractices
  • #342: [java] AccessorMethodGeneration: Name clash with another public field not properly handled
  • #755: [java] AccessorClassGeneration false positive for private constructors
  • #770: [java] UnusedPrivateMethod yields false positive for counter-variant arguments
  • #807: [java] AccessorMethodGeneration false positive with overloads
  • #833: [java] ForLoopCanBeForeach should consider iterating on this
  • #1189: [java] UnusedPrivateMethod false positive from inner class via external class
  • #1205: [java] Improve ConstantsInInterface message to mention alternatives
  • #1212: [java] Don’t raise JUnitTestContainsTooManyAsserts on JUnit 5’s assertAll
  • #1422: [java] JUnitTestsShouldIncludeAssert false positive with inherited @Rule field
  • #1455: [java] JUnitTestsShouldIncludeAssert: False positives for assert methods named “check” and “verify”
  • #1563: [java] ForLoopCanBeForeach false positive with method call using index variable
  • #1565: [java] JUnitAssertionsShouldIncludeMessage false positive with AssertJ
  • #1747: [java] PreserveStackTrace false-positive
  • #1969: [java] MissingOverride false-positive triggered by package-private method overwritten in another package by extending class
  • #1998: [java] AccessorClassGeneration false-negative: subclass calls private constructor
  • #2130: [java] UnusedLocalVariable: false-negative with array
  • #2147: [java] JUnitTestsShouldIncludeAssert - false positives with lambdas and static methods
  • #2464: [java] LooseCoupling must ignore class literals: ArrayList.class
  • #2542: [java] UseCollectionIsEmpty can not detect the case foo.bar().size()
  • #2650: [java] UseTryWithResources false positive when AutoCloseable helper used
  • #2796: [java] UnusedAssignment false positive with call chains
  • #2797: [java] MissingOverride long-standing issues
  • #2806: [java] SwitchStmtsShouldHaveDefault false-positive with Java 14 switch non-fallthrough branches
  • #2822: [java] LooseCoupling rule: Extend to cover user defined implementations and interfaces
  • #2843: [java] Fix UnusedAssignment FP with field accesses
  • #2882: [java] UseTryWithResources - false negative for explicit close
  • #2883: [java] JUnitAssertionsShouldIncludeMessage false positive with method call
  • #2890: [java] UnusedPrivateMethod false positive with generics
  • #2946: [java] SwitchStmtsShouldHaveDefault false positive on enum inside enums
  • #3672: [java] LooseCoupling - fix false positive with generics
  • #3675: [java] MissingOverride - fix false positive with mixing type vars
  • #3858: [java] UseCollectionIsEmpty should infer local variable type from method invocation
  • #4433: [java] [7.0-rc1] ReplaceHashtableWithMap on java.util.Properties
  • #4492: [java] GuardLogStatement gives false positive when argument is a Java method reference
  • #4503: [java] JUnitTestsShouldIncludeAssert: false negative with TestNG
  • #4516: [java] UnusedLocalVariable: false-negative with try-with-resources
  • #4517: [java] UnusedLocalVariable: false-negative with compound assignments
  • #4518: [java] UnusedLocalVariable: false-positive with multiple for-loop indices
  • #4634: [java] JUnit4TestShouldUseTestAnnotation false positive with TestNG
• java-codestyle
  • #1208: [java] PrematureDeclaration rule false-positive on variable declared to measure time
  • #1429: [java] PrematureDeclaration as result of method call (false positive)
  • #1480: [java] IdenticalCatchBranches false positive with return expressions
  • #1673: [java] UselessParentheses false positive with conditional operator
  • #1790: [java] UnnecessaryFullyQualifiedName false positive with enum constant
  • #1918: [java] UselessParentheses false positive with boolean operators
  • #2134: [java] PreserveStackTrace not handling Throwable.addSuppressed(...)
  • #2299: [java] UnnecessaryFullyQualifiedName false positive with similar package name
  • #2391: [java] UseDiamondOperator FP when expected type and constructed type have a different parameterization
  • #2528: [java] MethodNamingConventions - JUnit 5 method naming not support ParameterizedTest
  • #2739: [java] UselessParentheses false positive for string concatenation
  • #2748: [java] UnnecessaryCast false positive with unchecked cast
  • #2973: [java] New rule: UnnecessaryBoxing
  • #3195: [java] Improve rule UnnecessaryReturn to detect more cases
  • #3218: [java] Generalize UnnecessaryCast to flag all unnecessary casts
  • #3221: [java] PrematureDeclaration false positive for unused variables
  • #3238: [java] Improve ExprContext, fix FNs of UnnecessaryCast
  • #3500: [java] UnnecessaryBoxing - check for Integer.valueOf(String) calls
  • #4268: [java] CommentDefaultAccessModifier: false positive with TestNG annotations
  • #4273: [java] CommentDefaultAccessModifier ignoredAnnotations should include “org.junit.jupiter.api.extension.RegisterExtension” by default
  • #4357: [java] Fix IllegalStateException in UseDiamondOperator rule
  • #4432: [java] [7.0-rc1] UnnecessaryImport - Unused static import is being used
  • #4455: [java] FieldNamingConventions: false positive with lombok’s @UtilityClass
  • #4487: [java] UnnecessaryConstructor: false-positive with @Inject and @Autowired
  • #4511: [java] LocalVariableCouldBeFinal shouldn’t report unused variables
  • #4512: [java] MethodArgumentCouldBeFinal shouldn’t report unused parameters
  • #4557: [java] UnnecessaryImport FP with static imports of overloaded methods
• java-design
  • #1014: [java] LawOfDemeter: False positive with lambda expression
  • #1605: [java] LawOfDemeter: False positive for standard UTF-8 charset name
  • #2160: [java] Issues with Law of Demeter
  • #2175: [java] LawOfDemeter: False positive for chained methods with generic method call
  • #2179: [java] LawOfDemeter: False positive with static property access - should treat class-level property as global object, not dot-accessed property
  • #2180: [java] LawOfDemeter: False positive with Thread and ThreadLocalRandom
  • #2182: [java] LawOfDemeter: False positive with package-private access
  • #2188: [java] LawOfDemeter: False positive with fields assigned to local vars
  • #2536: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal can’t detect inner class
  • #3668: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal - fix FP with inner private classes
  • #3754: [java] SingularField false positive with read in while condition
  • #3786: [java] SimplifyBooleanReturns should consider operator precedence
  • #3840: [java] LawOfDemeter disallows method call on locally created object
  • #4238: [java] Make LawOfDemeter not use the rulechain
  • #4254: [java] ImmutableField - false positive with Lombok @Setter
  • #4434: [java] [7.0-rc1] ExceptionAsFlowControl when simply propagating
  • #4456: [java] FinalFieldCouldBeStatic: false positive with lombok’s @UtilityClass
  • #4477: [java] SignatureDeclareThrowsException: false-positive with TestNG annotations
  • #4490: [java] ImmutableField - false negative with Lombok @Getter
  • #4549: [java] Make LawOfDemeter results deterministic
• java-documentation
  • #4369: [java] Improve CommentSize
  • #4416: [java] Fix reported line number in CommentContentRule
• java-errorprone
  • #659: [java] MissingBreakInSwitch - last default case does not contain a break
  • #1005: [java] CloneMethodMustImplementCloneable triggers for interfaces
  • #1669: [java] NullAssignment - FP with ternay and null as constructor argument
  • #1899: [java] Recognize @SuppressWanings(“fallthrough”) for MissingBreakInSwitch
  • #2320: [java] NullAssignment - FP with ternary and null as method argument
  • #2532: [java] AvoidDecimalLiteralsInBigDecimalConstructor can not detect the case new BigDecimal(Expression)
  • #2579: [java] MissingBreakInSwitch detects the lack of break in the last case
  • #2880: [java] CompareObjectsWithEquals - false negative with type res
  • #2893: [java] Remove special cases from rule EmptyCatchBlock
  • #2894: [java] Improve MissingBreakInSwitch
  • #3071: [java] BrokenNullCheck FP with PMD 6.30.0
  • #3087: [java] UnnecessaryBooleanAssertion overlaps with SimplifiableTestAssertion
  • #3100: [java] UseCorrectExceptionLogging FP in 6.31.0
  • #3173: [java] UseProperClassLoader false positive
  • #3351: [java] ConstructorCallsOverridableMethod ignores abstract methods
  • #3400: [java] AvoidUsingOctalValues FN with underscores
  • #3843: [java] UseEqualsToCompareStrings should consider return type
  • #4063: [java] AvoidBranchingStatementAsLastInLoop: False-negative about try/finally block
  • #4356: [java] Fix NPE in CloseResourceRule
  • #4449: [java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression
  • #4457: [java] OverrideBothEqualsAndHashcode: false negative with anonymous classes
  • #4493: [java] MissingStaticMethodInNonInstantiatableClass: false-positive about @Inject
  • #4505: [java] ImplicitSwitchFallThrough NPE in PMD 7.0.0-rc1
  • #4510: [java] ConstructorCallsOverridableMethod: false positive with lombok’s @Value
  • #4513: [java] UselessOperationOnImmutable various false negatives with String
  • #4514: [java] AvoidLiteralsInIfCondition false positive and negative for String literals when ignoreExpressions=true
  • #4546: [java] OverrideBothEqualsAndHashCode ignores records
• java-multithreading
  • #2537: [java] DontCallThreadRun can’t detect the case that call run() in this.run()
  • #2538: [java] DontCallThreadRun can’t detect the case that call run() in foo.bar.run()
  • #2577: [java] UseNotifyAllInsteadOfNotify falsely detect a special case with argument: foo.notify(bar)
  • #4483: [java] NonThreadSafeSingleton false positive with double-checked locking
• java-performance
  • #1224: [java] InefficientEmptyStringCheck false negative in anonymous class
  • #2587: [java] AvoidArrayLoops could also check for list copy through iterated List.add()
  • #2712: [java] SimplifyStartsWith false-positive with AssertJ
  • #3486: [java] InsufficientStringBufferDeclaration: Fix NPE
  • #3848: [java] StringInstantiation: false negative when using method result
  • #4070: [java] A false positive about the rule RedundantFieldInitializer
  • #4458: [java] RedundantFieldInitializer: false positive with lombok’s @Value
• kotlin
  • #419: [kotlin] Add support for Kotlin
  • #4389: [kotlin] Update grammar to version 1.8
• swift
  • #1877: [swift] Feature/swift rules
  • #1882: [swift] UnavailableFunction Swift rule
• xml
  • #1800: [xml] Unimplement org.w3c.dom.Node from the XmlNodeWrapper

✨ External Contributions

• #1658: [core] Node support for Antlr-based languages - Matías Fraga (@matifraga)
• #1698: [core] [swift] Antlr Base Parser adapter and Swift Implementation - Lucas Soncini (@lsoncini)
• #1774: [core] Antlr visitor rules - Lucas Soncini (@lsoncini)
• #1877: [swift] Feature/swift rules - Matías Fraga (@matifraga)
• #1881: [doc] Add ANTLR documentation - Matías Fraga (@matifraga)
• #1882: [swift] UnavailableFunction Swift rule - Tomás de Lucca (@tomidelucca)
• #2830: [apex] Apexlink POC - Kevin Jones (@nawforce)
• #3866: [core] Add CLI Progress Bar - @JerritEic (@JerritEic)
• #4402: [javascript] CPD: add support for Typescript using antlr4 grammar - Paul Guyot (@pguyot)
• #4403: [julia] CPD: Add support for Julia code duplication - Wener (@wener-tiobe)
• #4412: [doc] Added new error msg to ConstantsInInterface - David Ljunggren (@dague1)
• #4426: [cpd] New XML to HTML XLST report format for PMD CPD - mohan-chinnappan-n (@mohan-chinnappan-n)
• #4428: [apex] ApexBadCrypto bug fix for #4427 - inline detection of hard coded values - Steven Stearns (@sfdcsteve)
• #4431: [coco] CPD: Coco support for code duplication detection - Wener (@wener-tiobe)
• #4444: [java] CommentDefaultAccessModifier - ignore org.junit.jupiter.api.extension.RegisterExtension by default - Nirvik Patel (@nirvikpatel)
• #4450: [java] Fix #4449 AvoidAccessibilityAlteration: Correctly handle Lambda expressions in PrivilegedAction scenarios - Seren (@mohui1999)
• #4452: [doc] Update PMD_APEX_ROOT_DIRECTORY documentation reference - nwcm (@nwcm)
• #4470: [cpp] CPD: Added strings as literal and ignore identifiers in sequences - Wener (@wener-tiobe)
• #4474: [java] ImmutableField: False positive with lombok (fixes #4254) - Pim van der Loos (@PimvanderLoos)
• #4488: [java] Fix #4477: A false-positive about SignatureDeclareThrowsException - AnnaDev (@LynnBroe)
• #4494: [java] Fix #4487: A false-positive about UnnecessaryConstructor and @Inject and @Autowired - AnnaDev (@LynnBroe)
• #4495: [java] Fix #4493: false-positive about MissingStaticMethodInNonInstantiatableClass and @Inject - AnnaDev (@LynnBroe)
• #4507: [java] Fix #4503: A false negative about JUnitTestsShouldIncludeAssert and testng - AnnaDev (@LynnBroe)
• #4520: [doc] Fix typo: missing closing quotation mark after CPD-END - João Dinis Ferreira (@joaodinissf)
• #4528: [apex] Update to apexlink - Kevin Jones (@nawforce)
• #4533: [java] Fix #4063: False-negative about try/catch block in Loop - AnnaDev (@LynnBroe)
• #4536: [java] Fix #4268: CommentDefaultAccessModifier - false positive with TestNG’s @Test annotation - AnnaDev (@LynnBroe)
• #4537: [java] Fix #4455: A false positive about FieldNamingConventions and UtilityClass - AnnaDev (@LynnBroe)
• #4538: [java] Fix #4456: A false positive about FinalFieldCouldBeStatic and UtilityClass - AnnaDev (@LynnBroe)
• #4540: [java] Fix #4457: false negative about OverrideBothEqualsAndHashcode - AnnaDev (@LynnBroe)
• #4541: [java] Fix #4458: A false positive about RedundantFieldInitializer and @Value - AnnaDev (@LynnBroe)
• #4542: [java] Fix #4510: A false positive about ConstructorCallsOverridableMethod and @Value - AnnaDev (@LynnBroe)
• #4553: [java] Fix #4492: GuardLogStatement gives false positive when argument is a Java method reference - Anastasiia Koba (@anastasiia-koba)
• #4637: [java] fix #4634 - JUnit4TestShouldUseTestAnnotation false positive with TestNG - Krystian Dabrowski (@krdabrowski)
• #4649: [apex] Add SObjectType and SObjectField to list of injectable SOQL variable types - Richard Corfield (@rcorfieldffdc)
• #4651: [doc] Add “Tencent Cloud Code Analysis” in Tools / Integrations - yale (@cyw3)
• #4664: [cli] CPD: Fix NPE when only --file-list is specified - Wener (@wener-tiobe)
• #4665: [java] Doc: Fix references AutoClosable -> AutoCloseable - Andrey Bozhko (@AndreyBozhko)

📈 Stats

• 5007 commits
• 658 closed tickets & PRs
• Days since last release: 122

30-May-2023 - 7.0.0-rc3

We’re excited to bring you the next major version of PMD!

Since this is a big release, we provide here only a concise version of the release notes. We prepared a separate page with the full Detailed Release Notes for PMD 7.0.0.

Table Of Contents

• Changes since 7.0.0-rc2
  • New CPD report format cpdhtml-v2.xslt
  • Fixed issues
  • API Changes
  • External Contributions
• 🚀 Major Features and Enhancements
  • New official logo
  • Revamped Java module
  • Revamped Command Line Interface
  • Full Antlr support
  • Updated PMD Designer
  • New CPD report format cpdhtml-v2.xslt
• 🎉 Language Related Changes
  • New: Swift support
  • New: Kotlin support (experimental)
  • New: CPD support for TypeScript
  • New: CPD support for Julia
  • New: CPD support for Coco
  • Changed: JavaScript support
  • Changed: Language versions
  • Changed: CPP can now ignore identifiers in sequences (CPD)
• 🌟 New and changed rules
  • New Rules
  • Changed Rules
  • Removed Rules
• 🚨 API
• 💥 Compatibility and migration notes
• 🐛 Fixed Issues
• ✨ External Contributions
• 📈 Stats

Changes since 7.0.0-rc2

This section lists the most important changes from the last release candidate. The remaining section describes the complete release notes for 7.0.0.

New CPD report format cpdhtml-v2.xslt

Thanks to @mohan-chinnappan-n a new CPD report format has been added which features a data table. It uses an XSLT stylesheet to convert CPD’s XML format into HTML.

See the example report.

Fixed issues

• miscellaneous
  • #4460: Fix assembly-plugin warnings
• core
  • #4425: [core] Replace TextFile::pathId
  • #4454: [core] “Unknown option: ‘-min’” but is referenced in documentation
• java-bestpractices
  • #4433: [java] [7.0-rc1] ReplaceHashtableWithMap on java.util.Properties
  • #4492: [java] GuardLogStatement gives false positive when argument is a Java method reference
  • #4503: [java] JUnitTestsShouldIncludeAssert: false negative with TestNG
• java-codestyle
  • #4268: [java] CommentDefaultAccessModifier: false positive with TestNG annotations
  • #4432: [java] [7.0-rc1] UnnecessaryImport - Unused static import is being used
  • #4455: [java] FieldNamingConventions: false positive with lombok’s @UtilityClass
  • #4557: [java] UnnecessaryImport FP with static imports of overloaded methods
• java-design
  • #4434: [java] [7.0-rc1] ExceptionAsFlowControl when simply propagating
  • #4456: [java] FinalFieldCouldBeStatic: false positive with lombok’s @UtilityClass
  • #4549: [java] Make LawOfDemeter results deterministic
• java-errorprone
  • #4063: [java] AvoidBranchingStatementAsLastInLoop: False-negative about try/finally block
  • #4457: [java] OverrideBothEqualsAndHashcode: false negative with anonymous classes
  • #4510: [java] ConstructorCallsOverridableMethod: false positive with lombok’s @Value
  • #4546: [java] OverrideBothEqualsAndHashCode ignores records
• java-performance
  • #4458: [java] RedundantFieldInitializer: false positive with lombok’s @Value

API Changes

• The following previously deprecated classes have been removed:
  • pmd-core
    • net.sourceforge.pmd.PMD
    • net.sourceforge.pmd.cli.PMDCommandLineInterface
    • net.sourceforge.pmd.cli.PMDParameters
    • net.sourceforge.pmd.cli.PmdParametersParseResult

• The asset filenames of PMD on GitHub Releases are now pmd-dist-<version>-bin.zip, pmd-dist-<version>-src.zip and pmd-dist-<version>-doc.zip. Keep that in mind, if you have an automated download script.

  The structure inside the ZIP files stay the same, e.g. we still provide inside the binary distribution ZIP file the base directory pmd-bin-<version>.

• The CLI option --stress (or -stress) has been removed without replacement.
• The CLI option --minimum-priority was changed with 7.0.0-rc1 to only take the following values: High, Medium High, Medium, Medium Low, Low. With 7.0.0-rc2 compatibility has been restored, so that the equivalent integer values (1 to 5) are supported as well.

• Replaced RuleViolation::getFilename with new RuleViolation#getFileId, that returns a FileId. This is an identifier for a TextFile and could represent a path name. This allows to have a separate display name, e.g. renderers use FileNameRenderer to either display the full path name or a relative path name (see Renderer#setFileNameRenderer and ConfigurableFileNameRenderer). Many places where we used a simple String for a path-like name before have been adapted to use the new FileId.

  See PR #4425 for details.

External Contributions

• #4426: [cpd] New XML to HTML XLST report format for PMD CPD - mohan-chinnappan-n (@mohan-chinnappan-n)
• #4431: [coco] CPD: Coco support for code duplication detection - Wener (@wener-tiobe)
• #4470: [cpp] CPD: Added strings as literal and ignore identifiers in sequences - Wener (@wener-tiobe)
• #4507: [java] Fix #4503: A false negative about JUnitTestsShouldIncludeAssert and testng - AnnaDev (@LynnBroe)
• #4533: [java] Fix #4063: False-negative about try/catch block in Loop - AnnaDev (@LynnBroe)
• #4536: [java] Fix #4268: CommentDefaultAccessModifier - false positive with TestNG’s @Test annotation - AnnaDev (@LynnBroe)
• #4537: [java] Fix #4455: A false positive about FieldNamingConventions and UtilityClass - AnnaDev (@LynnBroe)
• #4538: [java] Fix #4456: A false positive about FinalFieldCouldBeStatic and UtilityClass - AnnaDev (@LynnBroe)
• #4540: [java] Fix #4457: false negative about OverrideBothEqualsAndHashcode - AnnaDev (@LynnBroe)
• #4541: [java] Fix #4458: A false positive about RedundantFieldInitializer and @Value - AnnaDev (@LynnBroe)
• #4542: [java] Fix #4510: A false positive about ConstructorCallsOverridableMethod and @Value - AnnaDev (@LynnBroe)
• #4553: [java] Fix #4492: GuardLogStatement gives false positive when argument is a Java method reference - Anastasiia Koba (@anastasiia-koba)

🚀 Major Features and Enhancements

New official logo

The new official logo of PMD:

Revamped Java module

• Java grammar substantially refactored - more correct regarding the Java Language Specification (JLS)
• Built-in rules have been upgraded for the changed AST
• Rewritten type resolution framework and symbol table correctly implements the JLS
• AST exposes more semantic information (method calls, field accesses)

For more information, see the Detailed Release Notes for PMD 7.

Contributors: Clément Fournier (@oowekyala), Andreas Dangel (@adangel), Juan Martín Sotuyo Dodero (@jsotuyod)

Revamped Command Line Interface

• unified and consistent Command Line Interface for both Linux/Unix and Windows across our different utilities
• single script pmd (pmd.bat for Windows) to launch the different utilities:
  • pmd check to run PMD rules and analyze a project
  • pmd cpd to run CPD (copy paste detector)
  • pmd designer to run the PMD Rule Designer
• progress bar support for pmd check
• shell completion

For more information, see the Detailed Release Notes for PMD 7.

Contributors: Juan Martín Sotuyo Dodero (@jsotuyod)

Full Antlr support

• Antlr based grammars can now be used to build full-fledged PMD rules.
• Previously, Antlr grammar could only be used for CPD
• New supported languages: Swift and Kotlin

For more information, see the Detailed Release Notes for PMD 7.

Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)

Updated PMD Designer

This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.

New CPD report format cpdhtml-v2.xslt

Thanks to @mohan-chinnappan-n a new CPD report format has been added which features a data table. It uses an XSLT stylesheet to convert CPD’s XML format into HTML.

See the example report.

🎉 Language Related Changes

Note that this is just a concise listing of the highlight. For more information on the languages, see the Detailed Release Notes for PMD 7.

New: Swift support

• use PMD to analyze Swift code with PMD rules
• initially 4 built-in rules

Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)

New: Kotlin support (experimental)

• use PMD to analyze Kotlin code with PMD rules
• Support for Kotlin 1.8 grammar
• initially 2 built-in rules

New: CPD support for TypeScript

Thanks to a contribution, CPD now supports the TypeScript language. It is shipped with the rest of the JavaScript support in the module pmd-javascript.

Contributors: Paul Guyot (@pguyot)

New: CPD support for Julia

Thanks to a contribution, CPD now supports the Julia language. It is shipped in the new module pmd-julia.

Contributors: Wener (@wener-tiobe)

New: CPD support for Coco

Thanks to a contribution, CPD now supports Coco, a modern programming language designed specifically for building event-driven software. It is shipped in the new module pmd-coco.

Contributors: Wener (@wener-tiobe)

Changed: JavaScript support

• latest version supports ES6 and also some new constructs (see Rhino])
• comments are retained

Changed: Language versions

• more predefined language versions for each supported language
• can be used to limit rule execution for specific versions only with minimumLanguageVersion and maximumLanguageVersion attributes.

Changed: CPP can now ignore identifiers in sequences (CPD)

• new command line option for CPD: --ignore-sequences.
• This option is used for CPP only: with the already existing option --ignore-literal-sequences, only literals were ignored. The new option additional ignores identifiers as well in sequences.
• See PR #4470 for details.

🌟 New and changed rules

New Rules

Apex

• UnusedMethod finds unused methods in your code.

Java

• UnnecessaryBoxing reports boxing and unboxing conversions that may be made implicit.

Kotlin

• FunctionNameTooShort
• OverrideBothEqualsAndHashcode

Swift

• ProhibitedInterfaceBuilder
• UnavailableFunction
• ForceCast
• ForceTry

Changed Rules

General changes

• All statistical rules (like ExcessiveClassLength, ExcessiveParameterList) have been simplified and unified. The properties topscore and sigma have been removed. The property minimum is still there, however the type is not a decimal number anymore but has been changed to an integer. This affects rules in the languages Apex, Java, PLSQL and Velocity Template Language (vm):
  • Apex: ExcessiveClassLength, ExcessiveParameterList, ExcessivePublicCount, NcssConstructorCount, NcssMethodCount, NcssTypeCount
  • Java: ExcessiveImports, ExcessiveParameterList, ExcessivePublicCount, SwitchDensity
  • PLSQL: ExcessiveMethodLength, ExcessiveObjectLength, ExcessivePackageBodyLength, ExcessivePackageSpecificationLength, ExcessiveParameterList, ExcessiveTypeLength, NcssMethodCount, NcssObjectCount, NPathComplexity
  • VM: ExcessiveTemplateLength
• The general property violationSuppressXPath which is available for all rules to suppress warnings now uses XPath version 3.1 by default. This version of the XPath language is mostly identical to XPath 2.0. In PMD 6, XPath 1.0 has been used. If you upgrade from PMD 6, you need to verify your violationSuppressXPath properties.

Apex General changes

• The properties cc_categories, cc_remediation_points_multiplier, cc_block_highlighting have been removed from all rules. These properties have been deprecated since PMD 6.13.0. See issue #1648 for more details.

Java General changes

• Violations reported on methods or classes previously reported the line range of the entire method or class. With PMD 7.0.0, the reported location is now just the identifier of the method or class. This affects various rules, e.g. CognitiveComplexity.

  The report location is controlled by the overrides of the method getReportLocation in different node types.

  See issue #4439 and issue #730 for more details.

Java Best Practices

• ArrayIsStoredDirectly: Violations are now reported on the assignment and not anymore on the formal parameter. The reported line numbers will probably move.
• AvoidReassigningLoopVariables: This rule might not report anymore all reassignments of the control variable in for-loops when the property forReassign is set to skip. See issue #4500 for more details.
• LooseCoupling: The rule has a new property to allow some types to be coupled to (allowedTypes).
• UnusedLocalVariable: This rule has some important false-negatives fixed and finds many more cases now. For details see issues #2130, #4516, and #4517.

Java Codestyle

• MethodNamingConventions: The property checkNativeMethods has been removed. The property was deprecated since PMD 6.3.0. Use the property nativePattern to control whether native methods should be considered or not.
• ShortVariable: This rule now also reports short enum constant names.
• UseDiamondOperator: The property java7Compatibility has been removed. The rule now handles Java 7 properly without a property.
• UnnecessaryFullyQualifiedName: The rule has two new properties, to selectively disable reporting on static field and method qualifiers. The rule also has been improved to be more precise.
• UselessParentheses: The rule has two new properties which control how strict the rule should be applied. With ignoreClarifying (default: true) parentheses that are strictly speaking not necessary are allowed, if they separate expressions of different precedence. The other property ignoreBalancing (default: true) is similar, in that it allows parentheses that help reading and understanding the expressions.

Java Design

• CyclomaticComplexity: The property reportLevel has been removed. The property was deprecated since PMD 6.0.0. The report level can now be configured separated for classes and methods using classReportLevel and methodReportLevel instead.
• ImmutableField: The property ignoredAnnotations has been removed. The property was deprecated since PMD 6.52.0.
• LawOfDemeter: The rule has a new property trustRadius. This defines the maximum degree of trusted data. The default of 1 is the most restrictive.
• NPathComplexity: The property minimum has been removed. It was deprecated since PMD 6.0.0. Use the property reportLevel instead.
• SingularField: The properties checkInnerClasses and disallowNotAssignment have been removed. The rule is now more precise and will check these cases properly.
• UseUtilityClass: The property ignoredAnnotations has been removed.

Java Documentation

• CommentContent: The properties caseSensitive and disallowedTerms are removed. The new property forbiddenRegex can be used now to define the disallowed terms with a single regular expression.
• CommentRequired:
  • Overridden methods are now detected even without the @Override annotation. This is relevant for the property methodWithOverrideCommentRequirement. See also pull request #3757.
  • Elements in annotation types are now detected as well. This might lead to an increased number of violations for missing public method comments.
• CommentSize: When determining the line-length of a comment, the leading comment prefix markers (e.g. * or //) are ignored and don’t add up to the line-length. See also pull request #4369.

Java Error Prone

• AvoidDuplicateLiterals: The property exceptionfile has been removed. The property was deprecated since PMD 6.10.0. Use the property exceptionList instead.
• DontImportSun: sun.misc.Signal is not special-cased anymore.
• EmptyCatchBlock: CloneNotSupportedException and InterruptedException are not special-cased anymore. Rename the exception parameter to ignored to ignore them.
• ImplicitSwitchFallThrough: Violations are now reported on the case statements rather than on the switch statements. This is more accurate but might result in more violations now.

Removed Rules

Many rules, that were previously deprecated have been finally removed. See Detailed Release Notes for PMD 7 for the complete list.

🚨 API

The API of PMD has been growing over the years and needed some cleanup. The goal is, to have a clear separation between a well-defined API and the implementation, which is internal. This should help us in future development.

Also, there are some improvement and changes in different areas. For the detailed description of the changes listed here, see Detailed Release Notes for PMD 7.

• Miscellaneous smaller changes and cleanups
• XPath 3.1 support for XPath-based rules
• Node stream API for AST traversal
• Metrics framework
• Testing framework
• Language Lifecycle and Language Properties

💥 Compatibility and migration notes

See Detailed Release Notes for PMD 7.

🐛 Fixed Issues

• miscellaneous
  • #881: [all] Breaking API changes for 7.0.0
  • #896: [all] Use slf4j
  • #1431: [ui] Remove old GUI applications (designerold, bgastviewer)
  • #1451: [core] RulesetFactoryCompatibility stores the whole ruleset file in memory as a string
  • #2496: Update PMD 7 Logo on landing page
  • #2497: PMD 7 Logo page
  • #2498: Update PMD 7 Logo in documentation
  • #3797: [all] Use JUnit5
  • #4462: Provide Software Bill of Materials (SBOM)
  • #4460: Fix assembly-plugin warnings
• ant
  • #4080: [ant] Split off Ant integration into a new submodule
• core
  • #880: [core] Make visitors generic
  • #1622: [core] NodeStream API
  • #1687: [core] Deprecate and Remove XPath 1.0 support
  • #1785: [core] Allow abstract node types to be valid rulechain visits
  • #1825: [core] Support NoAttribute for XPath
  • #2038: [core] Remove DCD
  • #2218: [core] isFindBoundary should not be an attribute
  • #2234: [core] Consolidate PMD CLI into a single command
  • #2239: [core] Merging Javacc build scripts
  • #2500: [core] Clarify API for ANTLR based languages
  • #2518: [core] Language properties
  • #2602: [core] Remove ParserOptions
  • #2614: [core] Upgrade Saxon, add XPath 3.1, remove Jaxen
  • #2696: [core] Remove DFA
  • #2821: [core] Rule processing error filenames are missing paths
  • #2873: [core] Utility classes in pmd 7
  • #2885: [core] Error recovery mode
  • #3203: [core] Replace RuleViolationFactory implementations with ViolationDecorator
  • #3692: [core] Analysis listeners
  • #3782: [core] Language lifecycle
  • #3815: [core] Update Saxon HE to 10.7
  • #3893: [core] Text documents
  • #3902: [core] Violation decorators
  • #3918: [core] Make LanguageRegistry non static
  • #3922: [core] Better error reporting for the ruleset parser
  • #4035: [core] ConcurrentModificationException in DefaultRuleViolationFactory
  • #4120: [core] Explicitly name all language versions
  • #4353: [core] Micro optimizations for Node API
  • #4365: [core] Improve benchmarking
  • #4420: [core] Remove PMD.EOL
  • #4425: [core] Replace TextFile::pathId
  • #4454: [core] “Unknown option: ‘-min’” but is referenced in documentation
• cli
  • #2234: [core] Consolidate PMD CLI into a single command
  • #3828: [core] Progress reporting
  • #4079: [cli] Split off CLI implementation into a pmd-cli submodule
  • #4482: [cli] pmd.bat can only be executed once
  • #4484: [cli] ast-dump with no properties produce an NPE
• doc
  • #2501: [doc] Verify ANTLR Documentation
  • #4438: [doc] Documentation links in VS Code are outdated
• testing
  • #2435: [test] Remove duplicated Dummy language module
  • #4234: [test] Tests that change the logging level do not work

Language specific fixes:

• apex
  • #1937: [apex] Apex should only have a single RootNode
  • #1648: [apex,vf] Remove CodeClimate dependency
  • #1750: [apex] Remove apex statistical rules
  • #2836: [apex] Remove Apex ProjectMirror
  • #4427: [apex] ApexBadCrypto test failing to detect inline code
• apex-design
  • #2667: [apex] Integrate nawforce/ApexLink to build robust Unused rule
  • #4509: [apex] ExcessivePublicCount doesn’t consider inner classes correctly
• java
  • #520: [java] Allow @SuppressWarnings with constants instead of literals
  • #864: [java] Similar/duplicated implementations for determining FQCN
  • #905: [java] Add new node for anonymous class declaration
  • #910: [java] AST inconsistency between primitive and reference type arrays
  • #997: [java] Java8 parsing corner case with annotated array types
  • #998: [java] AST inconsistencies around FormalParameter
  • #1019: [java] Breaking Java Grammar changes for PMD 7.0.0
  • #1124: [java] ImmutableList implementation in the qname codebase
  • #1128: [java] Improve ASTLocalVariableDeclaration
  • #1150: [java] ClassOrInterfaceType AST improvements
  • #1207: [java] Resolve explicit types using FQCNs, without hitting the classloader
  • #1367: [java] Parsing error on annotated inner class
  • #1661: [java] About operator nodes
  • #2366: [java] Remove qualified names
  • #2819: [java] GLB bugs in pmd 7
  • #3642: [java] Parse error on rare extra dimensions on method return type on annotation methods
  • #3763: [java] Ambiguous reference error in valid code
  • #3749: [java] Improve isOverridden in ASTMethodDeclaration
  • #3750: [java] Make symbol table support instanceof pattern bindings
  • #3752: [java] Expose annotations in symbol API
  • #4237: [java] Cleanup handling of Java comments
  • #4317: [java] Some AST nodes should not be TypeNodes
  • #4359: [java] Type resolution fails with NPE when the scope is not a type declaration
  • #4367: [java] Move testrule TypeResTest into internal
  • #4383: [java] IllegalStateException: Object is not an array type!
  • #4405: [java] Processing error with ArrayIndexOutOfBoundsException
• java-bestpractices
  • #342: [java] AccessorMethodGeneration: Name clash with another public field not properly handled
  • #755: [java] AccessorClassGeneration false positive for private constructors
  • #770: [java] UnusedPrivateMethod yields false positive for counter-variant arguments
  • #807: [java] AccessorMethodGeneration false positive with overloads
  • #833: [java] ForLoopCanBeForeach should consider iterating on this
  • #1189: [java] UnusedPrivateMethod false positive from inner class via external class
  • #1205: [java] Improve ConstantsInInterface message to mention alternatives
  • #1212: [java] Don’t raise JUnitTestContainsTooManyAsserts on JUnit 5’s assertAll
  • #1422: [java] JUnitTestsShouldIncludeAssert false positive with inherited @Rule field
  • #1455: [java] JUnitTestsShouldIncludeAssert: False positives for assert methods named “check” and “verify”
  • #1563: [java] ForLoopCanBeForeach false positive with method call using index variable
  • #1565: [java] JUnitAssertionsShouldIncludeMessage false positive with AssertJ
  • #1747: [java] PreserveStackTrace false-positive
  • #1969: [java] MissingOverride false-positive triggered by package-private method overwritten in another package by extending class
  • #1998: [java] AccessorClassGeneration false-negative: subclass calls private constructor
  • #2130: [java] UnusedLocalVariable: false-negative with array
  • #2147: [java] JUnitTestsShouldIncludeAssert - false positives with lambdas and static methods
  • #2464: [java] LooseCoupling must ignore class literals: ArrayList.class
  • #2542: [java] UseCollectionIsEmpty can not detect the case foo.bar().size()
  • #2650: [java] UseTryWithResources false positive when AutoCloseable helper used
  • #2796: [java] UnusedAssignment false positive with call chains
  • #2797: [java] MissingOverride long-standing issues
  • #2806: [java] SwitchStmtsShouldHaveDefault false-positive with Java 14 switch non-fallthrough branches
  • #2822: [java] LooseCoupling rule: Extend to cover user defined implementations and interfaces
  • #2843: [java] Fix UnusedAssignment FP with field accesses
  • #2882: [java] UseTryWithResources - false negative for explicit close
  • #2883: [java] JUnitAssertionsShouldIncludeMessage false positive with method call
  • #2890: [java] UnusedPrivateMethod false positive with generics
  • #2946: [java] SwitchStmtsShouldHaveDefault false positive on enum inside enums
  • #3672: [java] LooseCoupling - fix false positive with generics
  • #3675: [java] MissingOverride - fix false positive with mixing type vars
  • #3858: [java] UseCollectionIsEmpty should infer local variable type from method invocation
  • #4433: [java] [7.0-rc1] ReplaceHashtableWithMap on java.util.Properties
  • #4492: [java] GuardLogStatement gives false positive when argument is a Java method reference
  • #4503: [java] JUnitTestsShouldIncludeAssert: false negative with TestNG
  • #4516: [java] UnusedLocalVariable: false-negative with try-with-resources
  • #4517: [java] UnusedLocalVariable: false-negative with compound assignments
  • #4518: [java] UnusedLocalVariable: false-positive with multiple for-loop indices
• java-codestyle
  • #1208: [java] PrematureDeclaration rule false-positive on variable declared to measure time
  • #1429: [java] PrematureDeclaration as result of method call (false positive)
  • #1480: [java] IdenticalCatchBranches false positive with return expressions
  • #1673: [java] UselessParentheses false positive with conditional operator
  • #1790: [java] UnnecessaryFullyQualifiedName false positive with enum constant
  • #1918: [java] UselessParentheses false positive with boolean operators
  • #2134: [java] PreserveStackTrace not handling Throwable.addSuppressed(...)
  • #2299: [java] UnnecessaryFullyQualifiedName false positive with similar package name
  • #2391: [java] UseDiamondOperator FP when expected type and constructed type have a different parameterization
  • #2528: [java] MethodNamingConventions - JUnit 5 method naming not support ParameterizedTest
  • #2739: [java] UselessParentheses false positive for string concatenation
  • #2748: [java] UnnecessaryCast false positive with unchecked cast
  • #2973: [java] New rule: UnnecessaryBoxing
  • #3195: [java] Improve rule UnnecessaryReturn to detect more cases
  • #3218: [java] Generalize UnnecessaryCast to flag all unnecessary casts
  • #3221: [java] PrematureDeclaration false positive for unused variables
  • #3238: [java] Improve ExprContext, fix FNs of UnnecessaryCast
  • #3500: [java] UnnecessaryBoxing - check for Integer.valueOf(String) calls
  • #4268: [java] CommentDefaultAccessModifier: false positive with TestNG annotations
  • #4273: [java] CommentDefaultAccessModifier ignoredAnnotations should include “org.junit.jupiter.api.extension.RegisterExtension” by default
  • #4357: [java] Fix IllegalStateException in UseDiamondOperator rule
  • #4432: [java] [7.0-rc1] UnnecessaryImport - Unused static import is being used
  • #4455: [java] FieldNamingConventions: false positive with lombok’s @UtilityClass
  • #4487: [java] UnnecessaryConstructor: false-positive with @Inject and @Autowired
  • #4511: [java] LocalVariableCouldBeFinal shouldn’t report unused variables
  • #4512: [java] MethodArgumentCouldBeFinal shouldn’t report unused parameters
  • #4557: [java] UnnecessaryImport FP with static imports of overloaded methods
• java-design
  • #1014: [java] LawOfDemeter: False positive with lambda expression
  • #1605: [java] LawOfDemeter: False positive for standard UTF-8 charset name
  • #2160: [java] Issues with Law of Demeter
  • #2175: [java] LawOfDemeter: False positive for chained methods with generic method call
  • #2179: [java] LawOfDemeter: False positive with static property access - should treat class-level property as global object, not dot-accessed property
  • #2180: [java] LawOfDemeter: False positive with Thread and ThreadLocalRandom
  • #2182: [java] LawOfDemeter: False positive with package-private access
  • #2188: [java] LawOfDemeter: False positive with fields assigned to local vars
  • #2536: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal can’t detect inner class
  • #3668: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal - fix FP with inner private classes
  • #3754: [java] SingularField false positive with read in while condition
  • #3786: [java] SimplifyBooleanReturns should consider operator precedence
  • #3840: [java] LawOfDemeter disallows method call on locally created object
  • #4238: [java] Make LawOfDemeter not use the rulechain
  • #4254: [java] ImmutableField - false positive with Lombok @Setter
  • #4434: [java] [7.0-rc1] ExceptionAsFlowControl when simply propagating
  • #4456: [java] FinalFieldCouldBeStatic: false positive with lombok’s @UtilityClass
  • #4477: [java] SignatureDeclareThrowsException: false-positive with TestNG annotations
  • #4490: [java] ImmutableField - false negative with Lombok @Getter
  • #4549: [java] Make LawOfDemeter results deterministic
• java-documentation
  • #4369: [java] Improve CommentSize
  • #4416: [java] Fix reported line number in CommentContentRule
• java-errorprone
  • #659: [java] MissingBreakInSwitch - last default case does not contain a break
  • #1005: [java] CloneMethodMustImplementCloneable triggers for interfaces
  • #1669: [java] NullAssignment - FP with ternay and null as constructor argument
  • #1899: [java] Recognize @SuppressWanings(“fallthrough”) for MissingBreakInSwitch
  • #2320: [java] NullAssignment - FP with ternary and null as method argument
  • #2532: [java] AvoidDecimalLiteralsInBigDecimalConstructor can not detect the case new BigDecimal(Expression)
  • #2579: [java] MissingBreakInSwitch detects the lack of break in the last case
  • #2880: [java] CompareObjectsWithEquals - false negative with type res
  • #2893: [java] Remove special cases from rule EmptyCatchBlock
  • #2894: [java] Improve MissingBreakInSwitch
  • #3071: [java] BrokenNullCheck FP with PMD 6.30.0
  • #3087: [java] UnnecessaryBooleanAssertion overlaps with SimplifiableTestAssertion
  • #3100: [java] UseCorrectExceptionLogging FP in 6.31.0
  • #3173: [java] UseProperClassLoader false positive
  • #3351: [java] ConstructorCallsOverridableMethod ignores abstract methods
  • #3400: [java] AvoidUsingOctalValues FN with underscores
  • #3843: [java] UseEqualsToCompareStrings should consider return type
  • #4063: [java] AvoidBranchingStatementAsLastInLoop: False-negative about try/finally block
  • #4356: [java] Fix NPE in CloseResourceRule
  • #4449: [java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression
  • #4457: [java] OverrideBothEqualsAndHashcode: false negative with anonymous classes
  • #4493: [java] MissingStaticMethodInNonInstantiatableClass: false-positive about @Inject
  • #4505: [java] ImplicitSwitchFallThrough NPE in PMD 7.0.0-rc1
  • #4510: [java] ConstructorCallsOverridableMethod: false positive with lombok’s @Value
  • #4513: [java] UselessOperationOnImmutable various false negatives with String
  • #4514: [java] AvoidLiteralsInIfCondition false positive and negative for String literals when ignoreExpressions=true
  • #4546: [java] OverrideBothEqualsAndHashCode ignores records
• java-multithreading
  • #2537: [java] DontCallThreadRun can’t detect the case that call run() in this.run()
  • #2538: [java] DontCallThreadRun can’t detect the case that call run() in foo.bar.run()
  • #2577: [java] UseNotifyAllInsteadOfNotify falsely detect a special case with argument: foo.notify(bar)
  • #4483: [java] NonThreadSafeSingleton false positive with double-checked locking
• java-performance
  • #1224: [java] InefficientEmptyStringCheck false negative in anonymous class
  • #2587: [java] AvoidArrayLoops could also check for list copy through iterated List.add()
  • #2712: [java] SimplifyStartsWith false-positive with AssertJ
  • #3486: [java] InsufficientStringBufferDeclaration: Fix NPE
  • #3848: [java] StringInstantiation: false negative when using method result
  • #4070: [java] A false positive about the rule RedundantFieldInitializer
  • #4458: [java] RedundantFieldInitializer: false positive with lombok’s @Value
• kotlin
  • #419: [kotlin] Add support for Kotlin
  • #4389: [kotlin] Update grammar to version 1.8
• swift
  • #1877: [swift] Feature/swift rules
  • #1882: [swift] UnavailableFunction Swift rule
• xml
  • #1800: [xml] Unimplement org.w3c.dom.Node from the XmlNodeWrapper

✨ External Contributions

• #1658: [core] Node support for Antlr-based languages - Matías Fraga (@matifraga)
• #1698: [core] [swift] Antlr Base Parser adapter and Swift Implementation - Lucas Soncini (@lsoncini)
• #1774: [core] Antlr visitor rules - Lucas Soncini (@lsoncini)
• #1877: [swift] Feature/swift rules - Matías Fraga (@matifraga)
• #1881: [doc] Add ANTLR documentation - Matías Fraga (@matifraga)
• #1882: [swift] UnavailableFunction Swift rule - Tomás de Lucca (@tomidelucca)
• #2830: [apex] Apexlink POC - Kevin Jones (@nawforce)
• #3866: [core] Add CLI Progress Bar - @JerritEic (@JerritEic)
• #4402: [javascript] CPD: add support for Typescript using antlr4 grammar - Paul Guyot (@pguyot)
• #4403: [julia] CPD: Add support for Julia code duplication - Wener (@wener-tiobe)
• #4412: [doc] Added new error msg to ConstantsInInterface - David Ljunggren (@dague1)
• #4426: [cpd] New XML to HTML XLST report format for PMD CPD - mohan-chinnappan-n (@mohan-chinnappan-n)
• #4428: [apex] ApexBadCrypto bug fix for #4427 - inline detection of hard coded values - Steven Stearns (@sfdcsteve)
• #4431: [coco] CPD: Coco support for code duplication detection - Wener (@wener-tiobe)
• #4444: [java] CommentDefaultAccessModifier - ignore org.junit.jupiter.api.extension.RegisterExtension by default - Nirvik Patel (@nirvikpatel)
• #4450: [java] Fix #4449 AvoidAccessibilityAlteration: Correctly handle Lambda expressions in PrivilegedAction scenarios - Seren (@mohui1999)
• #4452: [doc] Update PMD_APEX_ROOT_DIRECTORY documentation reference - nwcm (@nwcm)
• #4470: [cpp] CPD: Added strings as literal and ignore identifiers in sequences - Wener (@wener-tiobe)
• #4474: [java] ImmutableField: False positive with lombok (fixes #4254) - Pim van der Loos (@PimvanderLoos)
• #4488: [java] Fix #4477: A false-positive about SignatureDeclareThrowsException - AnnaDev (@LynnBroe)
• #4494: [java] Fix #4487: A false-positive about UnnecessaryConstructor and @Inject and @Autowired - AnnaDev (@LynnBroe)
• #4495: [java] Fix #4493: false-positive about MissingStaticMethodInNonInstantiatableClass and @Inject - AnnaDev (@LynnBroe)
• #4507: [java] Fix #4503: A false negative about JUnitTestsShouldIncludeAssert and testng - AnnaDev (@LynnBroe)
• #4520: [doc] Fix typo: missing closing quotation mark after CPD-END - João Dinis Ferreira (@joaodinissf)
• #4533: [java] Fix #4063: False-negative about try/catch block in Loop - AnnaDev (@LynnBroe)
• #4536: [java] Fix #4268: CommentDefaultAccessModifier - false positive with TestNG’s @Test annotation - AnnaDev (@LynnBroe)
• #4537: [java] Fix #4455: A false positive about FieldNamingConventions and UtilityClass - AnnaDev (@LynnBroe)
• #4538: [java] Fix #4456: A false positive about FinalFieldCouldBeStatic and UtilityClass - AnnaDev (@LynnBroe)
• #4540: [java] Fix #4457: false negative about OverrideBothEqualsAndHashcode - AnnaDev (@LynnBroe)
• #4541: [java] Fix #4458: A false positive about RedundantFieldInitializer and @Value - AnnaDev (@LynnBroe)
• #4542: [java] Fix #4510: A false positive about ConstructorCallsOverridableMethod and @Value - AnnaDev (@LynnBroe)
• #4553: [java] Fix #4492: GuardLogStatement gives false positive when argument is a Java method reference - Anastasiia Koba (@anastasiia-koba)

📈 Stats

• 4694 commits
• 617 closed tickets & PRs
• Days since last release: 30

29-April-2023 - 7.0.0-rc2

We’re excited to bring you the next major version of PMD!

Since this is a big release, we provide here only a concise version of the release notes. We prepared a separate page with the full Detailed Release Notes for PMD 7.0.0.

Table Of Contents

• Changes since 7.0.0-rc1
  • API Changes
  • Updated PMD Designer
  • Language Related Changes
  • Rule Changes
  • Fixed Issues
  • External contributions
• 🚀 Major Features and Enhancements
  • New official logo
  • Revamped Java module
  • Revamped Command Line Interface
  • Full Antlr support
  • Updated PMD Designer
• 🎉 Language Related Changes
  • New: Swift support
  • New: Kotlin support (experimental)
  • New: CPD support for TypeScript
  • New: CPD support for Julia
  • Changed: JavaScript support
  • Changed: Language versions
• 🌟 New and changed rules
  • New Rules
  • Changed Rules
  • Removed Rules
• 🚨 API
• 💥 Compatibility and migration notes
• 🐛 Fixed Issues
• ✨ External Contributions
• 📈 Stats

Changes since 7.0.0-rc1

This section lists the most important changes from the last release candidate. The remaining section describes the complete release notes for 7.0.0.

API Changes

• Moved the two classes AntlrTokenizer and JavaCCTokenizer from internal package into package net.sourceforge.pmd.cpd.impl. These two classes are part of the API and are base classes for CPD language implementations.
• AntlrBaseRule is gone in favor of AbstractVisitorRule.
• The classes KotlinInnerNode and SwiftInnerNode are package-private now.
• The parameter order of addSourceFile has been swapped in order to have the same meaning as in 6.55.0. That will make it easier if you upgrade from 6.55.0 to 7.0.0. However, that means, that you need to change these method calls if you have migrated to 7.0.0-rc1 already.

Updated PMD Designer

This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.

Language Related Changes

• New: CPD support for TypeScript
• New: CPD support for Julia

Rule Changes

• ImmutableField: the property ignoredAnnotations has been removed. The property was deprecated since PMD 6.52.0.
• SwitchDensity: the type of the property minimum has been changed from decimal to integer for consistency with other statistical rules.

Fixed Issues

• cli
  • #4482: [cli] pmd.bat can only be executed once
  • #4484: [cli] ast-dump with no properties produce an NPE
• core
  • #2500: [core] Clarify API for ANTLR based languages
• doc
  • #2501: [doc] Verify ANTLR Documentation
  • #4438: [doc] Documentation links in VS Code are outdated
• java-codestyle
  • #4273: [java] CommentDefaultAccessModifier ignoredAnnotations should include “org.junit.jupiter.api.extension.RegisterExtension” by default
  • #4487: [java] UnnecessaryConstructor: false-positive with @Inject and @Autowired
• java-design
  • #4254: [java] ImmutableField - false positive with Lombok @Setter
  • #4477: [java] SignatureDeclareThrowsException: false-positive with TestNG annotations
  • #4490: [java] ImmutableField - false negative with Lombok @Getter
• java-errorprone
  • #4449: [java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression
  • #4493: [java] MissingStaticMethodInNonInstantiatableClass: false-positive about @Inject
  • #4505: [java] ImplicitSwitchFallThrough NPE in PMD 7.0.0-rc1
• java-multithreading
  • #4483: [java] NonThreadSafeSingleton false positive with double-checked locking
• miscellaneous
  • #4462: Provide Software Bill of Materials (SBOM)

External contributions

• #4402: [javascript] CPD: add support for Typescript using antlr4 grammar - Paul Guyot (@pguyot)
• #4403: [julia] CPD: Add support for Julia code duplication - Wener (@wener-tiobe)
• #4444: [java] CommentDefaultAccessModifier - ignore org.junit.jupiter.api.extension.RegisterExtension by default - Nirvik Patel (@nirvikpatel)
• #4450: [java] Fix #4449 AvoidAccessibilityAlteration: Correctly handle Lambda expressions in PrivilegedAction scenarios - Seren (@mohui1999)
• #4452: [doc] Update PMD_APEX_ROOT_DIRECTORY documentation reference - nwcm (@nwcm)
• #4474: [java] ImmutableField: False positive with lombok (fixes #4254) - Pim van der Loos (@PimvanderLoos)
• #4488: [java] Fix #4477: A false-positive about SignatureDeclareThrowsException - AnnaDev (@LynnBroe)
• #4494: [java] Fix #4487: A false-positive about UnnecessaryConstructor and @Inject and @Autowired - AnnaDev (@LynnBroe)
• #4495: [java] Fix #4493: false-positive about MissingStaticMethodInNonInstantiatableClass and @Inject - AnnaDev (@LynnBroe)
• #4520: [doc] Fix typo: missing closing quotation mark after CPD-END - João Dinis Ferreira (@joaodinissf)

🚀 Major Features and Enhancements

New official logo

The new official logo of PMD:

Revamped Java module

• Java grammar substantially refactored - more correct regarding the Java Language Specification (JLS)
• Built-in rules have been upgraded for the changed AST
• Rewritten type resolution framework and symbol table correctly implements the JLS
• AST exposes more semantic information (method calls, field accesses)

For more information, see the Detailed Release Notes for PMD 7.

Contributors: Clément Fournier (@oowekyala), Andreas Dangel (@adangel), Juan Martín Sotuyo Dodero (@jsotuyod)

Revamped Command Line Interface

• unified and consistent Command Line Interface for both Linux/Unix and Windows across our different utilities
• single script pmd (pmd.bat for Windows) to launch the different utilities:
  • pmd check to run PMD rules and analyze a project
  • pmd cpd to run CPD (copy paste detector)
  • pmd designer to run the PMD Rule Designer
• progress bar support for pmd check
• shell completion

For more information, see the Detailed Release Notes for PMD 7.

Contributors: Juan Martín Sotuyo Dodero (@jsotuyod)

Full Antlr support

• Antlr based grammars can now be used to build full-fledged PMD rules.
• Previously, Antlr grammar could only be used for CPD
• New supported languages: Swift and Kotlin

For more information, see the Detailed Release Notes for PMD 7.

Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)

Updated PMD Designer

This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.

🎉 Language Related Changes

Note that this is just a concise listing of the highlight. For more information on the languages, see the Detailed Release Notes for PMD 7.

New: Swift support

• use PMD to analyze Swift code with PMD rules
• initially 4 built-in rules

Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)

New: Kotlin support (experimental)

• use PMD to analyze Kotlin code with PMD rules
• Support for Kotlin 1.8 grammar
• initially 2 built-in rules

New: CPD support for TypeScript

Thanks to a contribution, CPD now supports the TypeScript language. It is shipped with the rest of the JavaScript support in the module pmd-javascript.

Contributors: Paul Guyot (@pguyot)

New: CPD support for Julia

Thanks to a contribution, CPD now supports the Julia language. It is shipped in the new module pmd-julia.

Contributors: Wener (@wener-tiobe)

Changed: JavaScript support

• latest version supports ES6 and also some new constructs (see Rhino])
• comments are retained

Changed: Language versions

• more predefined language versions for each supported language
• can be used to limit rule execution for specific versions only with minimumLanguageVersion and maximumLanguageVersion attributes.

🌟 New and changed rules

New Rules

Apex

• UnusedMethod finds unused methods in your code.

Java

• UnnecessaryBoxing reports boxing and unboxing conversions that may be made implicit.

Kotlin

• FunctionNameTooShort
• OverrideBothEqualsAndHashcode

Swift

• ProhibitedInterfaceBuilder
• UnavailableFunction
• ForceCast
• ForceTry

Changed Rules

General changes

• All statistical rules (like ExcessiveClassLength, ExcessiveParameterList) have been simplified and unified. The properties topscore and sigma have been removed. The property minimum is still there, however the type is not a decimal number anymore but has been changed to an integer. This affects rules in the languages Apex, Java, PLSQL and Velocity Template Language (vm):
  • Apex: ExcessiveClassLength, ExcessiveParameterList, ExcessivePublicCount, NcssConstructorCount, NcssMethodCount, NcssTypeCount
  • Java: ExcessiveImports, ExcessiveParameterList, ExcessivePublicCount, SwitchDensity
  • PLSQL: ExcessiveMethodLength, ExcessiveObjectLength, ExcessivePackageBodyLength, ExcessivePackageSpecificationLength, ExcessiveParameterList, ExcessiveTypeLength, NcssMethodCount, NcssObjectCount, NPathComplexity
  • VM: ExcessiveTemplateLength
• The general property violationSuppressXPath which is available for all rules to suppress warnings now uses XPath version 3.1 by default. This version of the XPath language is mostly identical to XPath 2.0. In PMD 6, XPath 1.0 has been used. If you upgrade from PMD 6, you need to verify your violationSuppressXPath properties.

Apex General changes

• The properties cc_categories, cc_remediation_points_multiplier, cc_block_highlighting have been removed from all rules. These properties have been deprecated since PMD 6.13.0. See issue #1648 for more details.

Java General changes

• Violations reported on methods or classes previously reported the line range of the entire method or class. With PMD 7.0.0, the reported location is now just the identifier of the method or class. This affects various rules, e.g. CognitiveComplexity.

  The report location is controlled by the overrides of the method getReportLocation in different node types.

  See issue #4439 and issue #730 for more details.

Java Best Practices

• ArrayIsStoredDirectly: Violations are now reported on the assignment and not anymore on the formal parameter. The reported line numbers will probably move.
• AvoidReassigningLoopVariables: This rule might not report anymore all reassignments of the control variable in for-loops when the property forReassign is set to skip. See issue #4500 for more details.
• LooseCoupling: The rule has a new property to allow some types to be coupled to (allowedTypes).
• UnusedLocalVariable: This rule has some important false-negatives fixed and finds many more cases now. For details see issues #2130, #4516, and #4517.

Java Codestyle

• MethodNamingConventions: The property checkNativeMethods has been removed. The property was deprecated since PMD 6.3.0. Use the property nativePattern to control whether native methods should be considered or not.
• ShortVariable: This rule now also reports short enum constant names.
• UseDiamondOperator: The property java7Compatibility has been removed. The rule now handles Java 7 properly without a property.
• UnnecessaryFullyQualifiedName: The rule has two new properties, to selectively disable reporting on static field and method qualifiers. The rule also has been improved to be more precise.
• UselessParentheses: The rule has two new properties which control how strict the rule should be applied. With ignoreClarifying (default: true) parentheses that are strictly speaking not necessary are allowed, if they separate expressions of different precedence. The other property ignoreBalancing (default: true) is similar, in that it allows parentheses that help reading and understanding the expressions.

Java Design

• CyclomaticComplexity: The property reportLevel has been removed. The property was deprecated since PMD 6.0.0. The report level can now be configured separated for classes and methods using classReportLevel and methodReportLevel instead.
• ImmutableField: The property ignoredAnnotations has been removed. The property was deprecated since PMD 6.52.0.
• LawOfDemeter: The rule has a new property trustRadius. This defines the maximum degree of trusted data. The default of 1 is the most restrictive.
• NPathComplexity: The property minimum has been removed. It was deprecated since PMD 6.0.0. Use the property reportLevel instead.
• SingularField: The properties checkInnerClasses and disallowNotAssignment have been removed. The rule is now more precise and will check these cases properly.
• UseUtilityClass: The property ignoredAnnotations has been removed.

Java Documentation

• CommentContent: The properties caseSensitive and disallowedTerms are removed. The new property forbiddenRegex can be used now to define the disallowed terms with a single regular expression.
• CommentRequired:
  • Overridden methods are now detected even without the @Override annotation. This is relevant for the property methodWithOverrideCommentRequirement. See also pull request #3757.
  • Elements in annotation types are now detected as well. This might lead to an increased number of violations for missing public method comments.
• CommentSize: When determining the line-length of a comment, the leading comment prefix markers (e.g. * or //) are ignored and don’t add up to the line-length. See also pull request #4369.

Java Error Prone

• AvoidDuplicateLiterals: The property exceptionfile has been removed. The property was deprecated since PMD 6.10.0. Use the property exceptionList instead.
• DontImportSun: sun.misc.Signal is not special-cased anymore.
• EmptyCatchBlock: CloneNotSupportedException and InterruptedException are not special-cased anymore. Rename the exception parameter to ignored to ignore them.
• ImplicitSwitchFallThrough: Violations are now reported on the case statements rather than on the switch statements. This is more accurate but might result in more violations now.

Removed Rules

Many rules, that were previously deprecated have been finally removed. See Detailed Release Notes for PMD 7 for the complete list.

🚨 API

The API of PMD has been growing over the years and needed some cleanup. The goal is, to have a clear separation between a well-defined API and the implementation, which is internal. This should help us in future development.

Also, there are some improvement and changes in different areas. For the detailed description of the changes listed here, see Detailed Release Notes for PMD 7.

• Miscellaneous smaller changes and cleanups
• XPath 3.1 support for XPath-based rules
• Node stream API for AST traversal
• Metrics framework
• Testing framework
• Language Lifecycle and Language Properties

💥 Compatibility and migration notes

See Detailed Release Notes for PMD 7.

🐛 Fixed Issues

• miscellaneous
  • #881: [all] Breaking API changes for 7.0.0
  • #896: [all] Use slf4j
  • #1431: [ui] Remove old GUI applications (designerold, bgastviewer)
  • #1451: [core] RulesetFactoryCompatibility stores the whole ruleset file in memory as a string
  • #2496: Update PMD 7 Logo on landing page
  • #2497: PMD 7 Logo page
  • #2498: Update PMD 7 Logo in documentation
  • #3797: [all] Use JUnit5
  • #4462: Provide Software Bill of Materials (SBOM)
• ant
  • #4080: [ant] Split off Ant integration into a new submodule
• core
  • #880: [core] Make visitors generic
  • #1622: [core] NodeStream API
  • #1687: [core] Deprecate and Remove XPath 1.0 support
  • #1785: [core] Allow abstract node types to be valid rulechain visits
  • #1825: [core] Support NoAttribute for XPath
  • #2038: [core] Remove DCD
  • #2218: [core] isFindBoundary should not be an attribute
  • #2234: [core] Consolidate PMD CLI into a single command
  • #2239: [core] Merging Javacc build scripts
  • #2500: [core] Clarify API for ANTLR based languages
  • #2518: [core] Language properties
  • #2602: [core] Remove ParserOptions
  • #2614: [core] Upgrade Saxon, add XPath 3.1, remove Jaxen
  • #2696: [core] Remove DFA
  • #2821: [core] Rule processing error filenames are missing paths
  • #2873: [core] Utility classes in pmd 7
  • #2885: [core] Error recovery mode
  • #3203: [core] Replace RuleViolationFactory implementations with ViolationDecorator
  • #3692: [core] Analysis listeners
  • #3782: [core] Language lifecycle
  • #3815: [core] Update Saxon HE to 10.7
  • #3893: [core] Text documents
  • #3902: [core] Violation decorators
  • #3918: [core] Make LanguageRegistry non static
  • #3922: [core] Better error reporting for the ruleset parser
  • #4035: [core] ConcurrentModificationException in DefaultRuleViolationFactory
  • #4120: [core] Explicitly name all language versions
  • #4353: [core] Micro optimizations for Node API
  • #4365: [core] Improve benchmarking
  • #4420: [core] Remove PMD.EOL
• cli
  • #2234: [core] Consolidate PMD CLI into a single command
  • #3828: [core] Progress reporting
  • #4079: [cli] Split off CLI implementation into a pmd-cli submodule
  • #4482: [cli] pmd.bat can only be executed once
  • #4484: [cli] ast-dump with no properties produce an NPE
• doc
  • #2501: [doc] Verify ANTLR Documentation
  • #4438: [doc] Documentation links in VS Code are outdated
• testing
  • #2435: [test] Remove duplicated Dummy language module
  • #4234: [test] Tests that change the logging level do not work

Language specific fixes:

• apex
  • #1937: [apex] Apex should only have a single RootNode
  • #1648: [apex,vf] Remove CodeClimate dependency
  • #1750: [apex] Remove apex statistical rules
  • #2836: [apex] Remove Apex ProjectMirror
  • #4427: [apex] ApexBadCrypto test failing to detect inline code
• apex-design
  • #2667: [apex] Integrate nawforce/ApexLink to build robust Unused rule
  • #4509: [apex] ExcessivePublicCount doesn’t consider inner classes correctly
• java
  • #520: [java] Allow @SuppressWarnings with constants instead of literals
  • #864: [java] Similar/duplicated implementations for determining FQCN
  • #905: [java] Add new node for anonymous class declaration
  • #910: [java] AST inconsistency between primitive and reference type arrays
  • #997: [java] Java8 parsing corner case with annotated array types
  • #998: [java] AST inconsistencies around FormalParameter
  • #1019: [java] Breaking Java Grammar changes for PMD 7.0.0
  • #1124: [java] ImmutableList implementation in the qname codebase
  • #1128: [java] Improve ASTLocalVariableDeclaration
  • #1150: [java] ClassOrInterfaceType AST improvements
  • #1207: [java] Resolve explicit types using FQCNs, without hitting the classloader
  • #1367: [java] Parsing error on annotated inner class
  • #1661: [java] About operator nodes
  • #2366: [java] Remove qualified names
  • #2819: [java] GLB bugs in pmd 7
  • #3642: [java] Parse error on rare extra dimensions on method return type on annotation methods
  • #3763: [java] Ambiguous reference error in valid code
  • #3749: [java] Improve isOverridden in ASTMethodDeclaration
  • #3750: [java] Make symbol table support instanceof pattern bindings
  • #3752: [java] Expose annotations in symbol API
  • #4237: [java] Cleanup handling of Java comments
  • #4317: [java] Some AST nodes should not be TypeNodes
  • #4359: [java] Type resolution fails with NPE when the scope is not a type declaration
  • #4367: [java] Move testrule TypeResTest into internal
• java-bestpractices
  • #342: [java] AccessorMethodGeneration: Name clash with another public field not properly handled
  • #755: [java] AccessorClassGeneration false positive for private constructors
  • #770: [java] UnusedPrivateMethod yields false positive for counter-variant arguments
  • #807: [java] AccessorMethodGeneration false positive with overloads
  • #833: [java] ForLoopCanBeForeach should consider iterating on this
  • #1189: [java] UnusedPrivateMethod false positive from inner class via external class
  • #1205: [java] Improve ConstantsInInterface message to mention alternatives
  • #1212: [java] Don’t raise JUnitTestContainsTooManyAsserts on JUnit 5’s assertAll
  • #1422: [java] JUnitTestsShouldIncludeAssert false positive with inherited @Rule field
  • #1455: [java] JUnitTestsShouldIncludeAssert: False positives for assert methods named “check” and “verify”
  • #1563: [java] ForLoopCanBeForeach false positive with method call using index variable
  • #1565: [java] JUnitAssertionsShouldIncludeMessage false positive with AssertJ
  • #1747: [java] PreserveStackTrace false-positive
  • #1969: [java] MissingOverride false-positive triggered by package-private method overwritten in another package by extending class
  • #1998: [java] AccessorClassGeneration false-negative: subclass calls private constructor
  • #2130: [java] UnusedLocalVariable: false-negative with array
  • #2147: [java] JUnitTestsShouldIncludeAssert - false positives with lambdas and static methods
  • #2464: [java] LooseCoupling must ignore class literals: ArrayList.class
  • #2542: [java] UseCollectionIsEmpty can not detect the case foo.bar().size()
  • #2650: [java] UseTryWithResources false positive when AutoCloseable helper used
  • #2796: [java] UnusedAssignment false positive with call chains
  • #2797: [java] MissingOverride long-standing issues
  • #2806: [java] SwitchStmtsShouldHaveDefault false-positive with Java 14 switch non-fallthrough branches
  • #2822: [java] LooseCoupling rule: Extend to cover user defined implementations and interfaces
  • #2843: [java] Fix UnusedAssignment FP with field accesses
  • #2882: [java] UseTryWithResources - false negative for explicit close
  • #2883: [java] JUnitAssertionsShouldIncludeMessage false positive with method call
  • #2890: [java] UnusedPrivateMethod false positive with generics
  • #2946: [java] SwitchStmtsShouldHaveDefault false positive on enum inside enums
  • #3672: [java] LooseCoupling - fix false positive with generics
  • #3675: [java] MissingOverride - fix false positive with mixing type vars
  • #3858: [java] UseCollectionIsEmpty should infer local variable type from method invocation
  • #4516: [java] UnusedLocalVariable: false-negative with try-with-resources
  • #4517: [java] UnusedLocalVariable: false-negative with compound assignments
  • #4518: [java] UnusedLocalVariable: false-positive with multiple for-loop indices
• java-codestyle
  • #1208: [java] PrematureDeclaration rule false-positive on variable declared to measure time
  • #1429: [java] PrematureDeclaration as result of method call (false positive)
  • #1480: [java] IdenticalCatchBranches false positive with return expressions
  • #1673: [java] UselessParentheses false positive with conditional operator
  • #1790: [java] UnnecessaryFullyQualifiedName false positive with enum constant
  • #1918: [java] UselessParentheses false positive with boolean operators
  • #2134: [java] PreserveStackTrace not handling Throwable.addSuppressed(...)
  • #2299: [java] UnnecessaryFullyQualifiedName false positive with similar package name
  • #2391: [java] UseDiamondOperator FP when expected type and constructed type have a different parameterization
  • #2528: [java] MethodNamingConventions - JUnit 5 method naming not support ParameterizedTest
  • #2739: [java] UselessParentheses false positive for string concatenation
  • #2748: [java] UnnecessaryCast false positive with unchecked cast
  • #2973: [java] New rule: UnnecessaryBoxing
  • #3195: [java] Improve rule UnnecessaryReturn to detect more cases
  • #3218: [java] Generalize UnnecessaryCast to flag all unnecessary casts
  • #3221: [java] PrematureDeclaration false positive for unused variables
  • #3238: [java] Improve ExprContext, fix FNs of UnnecessaryCast
  • #3500: [java] UnnecessaryBoxing - check for Integer.valueOf(String) calls
  • #4273: [java] CommentDefaultAccessModifier ignoredAnnotations should include “org.junit.jupiter.api.extension.RegisterExtension” by default
  • #4357: [java] Fix IllegalStateException in UseDiamondOperator rule
  • #4487: [java] UnnecessaryConstructor: false-positive with @Inject and @Autowired
  • #4511: [java] LocalVariableCouldBeFinal shouldn’t report unused variables
  • #4512: [java] MethodArgumentCouldBeFinal shouldn’t report unused parameters
• java-design
  • #1014: [java] LawOfDemeter: False positive with lambda expression
  • #1605: [java] LawOfDemeter: False positive for standard UTF-8 charset name
  • #2160: [java] Issues with Law of Demeter
  • #2175: [java] LawOfDemeter: False positive for chained methods with generic method call
  • #2179: [java] LawOfDemeter: False positive with static property access - should treat class-level property as global object, not dot-accessed property
  • #2180: [java] LawOfDemeter: False positive with Thread and ThreadLocalRandom
  • #2182: [java] LawOfDemeter: False positive with package-private access
  • #2188: [java] LawOfDemeter: False positive with fields assigned to local vars
  • #2536: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal can’t detect inner class
  • #3668: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal - fix FP with inner private classes
  • #3754: [java] SingularField false positive with read in while condition
  • #3786: [java] SimplifyBooleanReturns should consider operator precedence
  • #4238: [java] Make LawOfDemeter not use the rulechain
  • #4254: [java] ImmutableField - false positive with Lombok @Setter
  • #4477: [java] SignatureDeclareThrowsException: false-positive with TestNG annotations
  • #4490: [java] ImmutableField - false negative with Lombok @Getter
• java-documentation
  • #4369: [java] Improve CommentSize
  • #4416: [java] Fix reported line number in CommentContentRule
• java-errorprone
  • #659: [java] MissingBreakInSwitch - last default case does not contain a break
  • #1005: [java] CloneMethodMustImplementCloneable triggers for interfaces
  • #1669: [java] NullAssignment - FP with ternay and null as constructor argument
  • #1899: [java] Recognize @SuppressWanings(“fallthrough”) for MissingBreakInSwitch
  • #2320: [java] NullAssignment - FP with ternary and null as method argument
  • #2532: [java] AvoidDecimalLiteralsInBigDecimalConstructor can not detect the case new BigDecimal(Expression)
  • #2579: [java] MissingBreakInSwitch detects the lack of break in the last case
  • #2880: [java] CompareObjectsWithEquals - false negative with type res
  • #2893: [java] Remove special cases from rule EmptyCatchBlock
  • #2894: [java] Improve MissingBreakInSwitch
  • #3071: [java] BrokenNullCheck FP with PMD 6.30.0
  • #3087: [java] UnnecessaryBooleanAssertion overlaps with SimplifiableTestAssertion
  • #3100: [java] UseCorrectExceptionLogging FP in 6.31.0
  • #3173: [java] UseProperClassLoader false positive
  • #3351: [java] ConstructorCallsOverridableMethod ignores abstract methods
  • #3400: [java] AvoidUsingOctalValues FN with underscores
  • #3843: [java] UseEqualsToCompareStrings should consider return type
  • #4356: [java] Fix NPE in CloseResourceRule
  • #4449: [java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression
  • #4493: [java] MissingStaticMethodInNonInstantiatableClass: false-positive about @Inject
  • #4505: [java] ImplicitSwitchFallThrough NPE in PMD 7.0.0-rc1
  • #4513: [java] UselessOperationOnImmutable various false negatives with String
  • #4514: [java] AvoidLiteralsInIfCondition false positive and negative for String literals when ignoreExpressions=true
• java-multithreading
  • #2537: [java] DontCallThreadRun can’t detect the case that call run() in this.run()
  • #2538: [java] DontCallThreadRun can’t detect the case that call run() in foo.bar.run()
  • #2577: [java] UseNotifyAllInsteadOfNotify falsely detect a special case with argument: foo.notify(bar)
  • #4483: [java] NonThreadSafeSingleton false positive with double-checked locking
• java-performance
  • #1224: [java] InefficientEmptyStringCheck false negative in anonymous class
  • #2587: [java] AvoidArrayLoops could also check for list copy through iterated List.add()
  • #2712: [java] SimplifyStartsWith false-positive with AssertJ
  • #3486: [java] InsufficientStringBufferDeclaration: Fix NPE
  • #3848: [java] StringInstantiation: false negative when using method result
• kotlin
  • #419: [kotlin] Add support for Kotlin
  • #4389: [kotlin] Update grammar to version 1.8
• swift
  • #1877: [swift] Feature/swift rules
  • #1882: [swift] UnavailableFunction Swift rule
• xml
  • #1800: [xml] Unimplement org.w3c.dom.Node from the XmlNodeWrapper

✨ External Contributions

• #1658: [core] Node support for Antlr-based languages - Matías Fraga (@matifraga)
• #1698: [core] [swift] Antlr Base Parser adapter and Swift Implementation - Lucas Soncini (@lsoncini)
• #1774: [core] Antlr visitor rules - Lucas Soncini (@lsoncini)
• #1877: [swift] Feature/swift rules - Matías Fraga (@matifraga)
• #1881: [doc] Add ANTLR documentation - Matías Fraga (@matifraga)
• #1882: [swift] UnavailableFunction Swift rule - Tomás de Lucca (@tomidelucca)
• #2830: [apex] Apexlink POC - Kevin Jones (@nawforce)
• #3866: [core] Add CLI Progress Bar - @JerritEic (@JerritEic)
• #4402: [javascript] CPD: add support for Typescript using antlr4 grammar - Paul Guyot (@pguyot)
• #4403: [julia] CPD: Add support for Julia code duplication - Wener (@wener-tiobe)
• #4412: [doc] Added new error msg to ConstantsInInterface - David Ljunggren (@dague1)
• #4428: [apex] ApexBadCrypto bug fix for #4427 - inline detection of hard coded values - Steven Stearns (@sfdcsteve)
• #4444: [java] CommentDefaultAccessModifier - ignore org.junit.jupiter.api.extension.RegisterExtension by default - Nirvik Patel (@nirvikpatel)
• #4450: [java] Fix #4449 AvoidAccessibilityAlteration: Correctly handle Lambda expressions in PrivilegedAction scenarios - Seren (@mohui1999)
• #4452: [doc] Update PMD_APEX_ROOT_DIRECTORY documentation reference - nwcm (@nwcm)
• #4474: [java] ImmutableField: False positive with lombok (fixes #4254) - Pim van der Loos (@PimvanderLoos)
• #4488: [java] Fix #4477: A false-positive about SignatureDeclareThrowsException - AnnaDev (@LynnBroe)
• #4494: [java] Fix #4487: A false-positive about UnnecessaryConstructor and @Inject and @Autowired - AnnaDev (@LynnBroe)
• #4495: [java] Fix #4493: false-positive about MissingStaticMethodInNonInstantiatableClass and @Inject - AnnaDev (@LynnBroe)
• #4520: [doc] Fix typo: missing closing quotation mark after CPD-END - João Dinis Ferreira (@joaodinissf)

📈 Stats

• 4557 commits
• 572 closed tickets & PRs
• Days since last release: 35

25-March-2023 - 7.0.0-rc1

We’re excited to bring you the next major version of PMD!

Since this is a big release, we provide here only a concise version of the release notes. We prepared a separate page with the full Detailed Release Notes for PMD 7.0.0.

Table Of Contents

• 🚀 Major Features and Enhancements
  • New official logo
  • Revamped Java module
  • Revamped Command Line Interface
  • Full Antlr support
• 🎉 Language Related Changes
  • New: Swift support
  • New: Kotlin support (experimental)
  • Changed: JavaScript support
  • Changed: Language versions
• 🌟 New and changed rules
  • New Rules
  • Changed Rules
  • Removed Rules
• 🚨 API
• 💥 Compatibility and migration notes
• 🐛 Fixed Issues
• ✨ External Contributions
• 📈 Stats

🚀 Major Features and Enhancements

New official logo

The new official logo of PMD:

Revamped Java module

• Java grammar substantially refactored - more correct regarding the Java Language Specification (JLS)
• Built-in rules have been upgraded for the changed AST
• Rewritten type resolution framework and symbol table correctly implements the JLS
• AST exposes more semantic information (method calls, field accesses)

For more information, see the Detailed Release Notes for PMD 7.

Contributors: Clément Fournier (@oowekyala), Andreas Dangel (@adangel), Juan Martín Sotuyo Dodero (@jsotuyod)

Revamped Command Line Interface

• unified and consistent Command Line Interface for both Linux/Unix and Windows across our different utilities
• single script pmd (pmd.bat for Windows) to launch the different utilities:
  • pmd check to run PMD rules and analyze a project
  • pmd cpd to run CPD (copy paste detector)
  • pmd designer to run the PMD Rule Designer
• progress bar support for pmd check
• shell completion

For more information, see the Detailed Release Notes for PMD 7.

Contributors: Juan Martín Sotuyo Dodero (@jsotuyod)

Full Antlr support

• Antlr based grammars can now be used to build full-fledged PMD rules.
• Previously, Antlr grammar could only be used for CPD
• New supported languages: Swift and Kotlin

For more information, see the Detailed Release Notes for PMD 7.

Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)

🎉 Language Related Changes

Note that this is just a concise listing of the highlight. For more information on the languages, see the Detailed Release Notes for PMD 7.

New: Swift support

• use PMD to analyze Swift code with PMD rules
• initially 4 built-in rules

Contributors: Lucas Soncini (@lsoncini), Matías Fraga (@matifraga), Tomás De Lucca (@tomidelucca)

New: Kotlin support (experimental)

• use PMD to analyze Kotlin code with PMD rules
• Support for Kotlin 1.8 grammar
• initially 2 built-in rules

Changed: JavaScript support

• latest version supports ES6 and also some new constructs (see Rhino])
• comments are retained

Changed: Language versions

• more predefined language versions for each supported language
• can be used to limit rule execution for specific versions only with minimumLanguageVersion and maximumLanguageVersion attributes.

🌟 New and changed rules

New Rules

Apex

• UnusedMethod finds unused methods in your code.

Java

• UnnecessaryBoxing reports boxing and unboxing conversions that may be made implicit.

Kotlin

• FunctionNameTooShort
• OverrideBothEqualsAndHashcode

Swift

• ProhibitedInterfaceBuilder
• UnavailableFunction
• ForceCast
• ForceTry

Changed Rules

Java

• UnnecessaryFullyQualifiedName: the rule has two new properties, to selectively disable reporting on static field and method qualifiers. The rule also has been improved to be more precise.
• UselessParentheses: the rule has two new properties which control how strict the rule should be applied. With ignoreClarifying (default: true) parentheses that are strictly speaking not necessary are allowed, if they separate expressions of different precedence. The other property ignoreBalancing (default: true) is similar, in that it allows parentheses that help reading and understanding the expressions.
• LooseCoupling: the rule has a new property to allow some types to be coupled to (allowedTypes).
• EmptyCatchBlock: CloneNotSupportedException and InterruptedException are not special-cased anymore. Rename the exception parameter to ignored to ignore them.
• DontImportSun: sun.misc.Signal is not special-cased anymore.
• UseDiamondOperator: the property java7Compatibility is removed. The rule now handles Java 7 properly without a property.
• SingularField: Properties checkInnerClasses and disallowNotAssignment are removed. The rule is now more precise and will check these cases properly.
• UseUtilityClass: The property ignoredAnnotations has been removed.
• LawOfDemeter: the rule has a new property trustRadius. This defines the maximum degree of trusted data. The default of 1 is the most restrictive.
• CommentContent: The properties caseSensitive and disallowedTerms are removed. The new property fobiddenRegex can be used now to define the disallowed terms with a single regular expression.

Removed Rules

Many rules, that were previously deprecated have been finally removed. See Detailed Release Notes for PMD 7 for the complete list.

🚨 API

The API of PMD has been growing over the years and needed some cleanup. The goal is, to have a clear separation between a well-defined API and the implementation, which is internal. This should help us in future development.

Also, there are some improvement and changes in different areas. For the detailed description of the changes listed here, see Detailed Release Notes for PMD 7.

• Miscellaneous smaller changes and cleanups
• XPath 3.1 support for XPath-based rules
• Node stream API for AST traversal
• Metrics framework
• Testing framework
• Language Lifecycle and Language Properties

💥 Compatibility and migration notes

See Detailed Release Notes for PMD 7.

🐛 Fixed Issues

• miscellaneous
  • #881: [all] Breaking API changes for 7.0.0
  • #896: [all] Use slf4j
  • #1431: [ui] Remove old GUI applications (designerold, bgastviewer)
  • #1451: [core] RulesetFactoryCompatibility stores the whole ruleset file in memory as a string
  • #2496: Update PMD 7 Logo on landing page
  • #2497: PMD 7 Logo page
  • #2498: Update PMD 7 Logo in documentation
  • #3797: [all] Use JUnit5
• ant
  • #4080: [ant] Split off Ant integration into a new submodule
• core
  • #880: [core] Make visitors generic
  • #1622: [core] NodeStream API
  • #1687: [core] Deprecate and Remove XPath 1.0 support
  • #1785: [core] Allow abstract node types to be valid rulechain visits
  • #1825: [core] Support NoAttribute for XPath
  • #2038: [core] Remove DCD
  • #2218: [core] isFindBoundary should not be an attribute
  • #2234: [core] Consolidate PMD CLI into a single command
  • #2239: [core] Merging Javacc build scripts
  • #2518: [core] Language properties
  • #2602: [core] Remove ParserOptions
  • #2614: [core] Upgrade Saxon, add XPath 3.1, remove Jaxen
  • #2696: [core] Remove DFA
  • #2821: [core] Rule processing error filenames are missing paths
  • #2873: [core] Utility classes in pmd 7
  • #2885: [core] Error recovery mode
  • #3203: [core] Replace RuleViolationFactory implementations with ViolationDecorator
  • #3692: [core] Analysis listeners
  • #3782: [core] Language lifecycle
  • #3815: [core] Update Saxon HE to 10.7
  • #3893: [core] Text documents
  • #3902: [core] Violation decorators
  • #3918: [core] Make LanguageRegistry non static
  • #3922: [core] Better error reporting for the ruleset parser
  • #4035: [core] ConcurrentModificationException in DefaultRuleViolationFactory
  • #4120: [core] Explicitly name all language versions
  • #4353: [core] Micro optimizations for Node API
  • #4365: [core] Improve benchmarking
  • #4420: [core] Remove PMD.EOL
• cli
  • #2234: [core] Consolidate PMD CLI into a single command
  • #3828: [core] Progress reporting
  • #4079: [cli] Split off CLI implementation into a pmd-cli submodule
• testing
  • #2435: [test] Remove duplicated Dummy language module
  • #4234: [test] Tests that change the logging level do not work

Language specific fixes:

• apex
  • #1937: [apex] Apex should only have a single RootNode
  • #1648: [apex,vf] Remove CodeClimate dependency
  • #1750: [apex] Remove apex statistical rules
  • #2836: [apex] Remove Apex ProjectMirror
  • #4427: [apex] ApexBadCrypto test failing to detect inline code
• apex-design
  • #2667: [apex] Integrate nawforce/ApexLink to build robust Unused rule
• java
  • #520: [java] Allow @SuppressWarnings with constants instead of literals
  • #864: [java] Similar/duplicated implementations for determining FQCN
  • #905: [java] Add new node for anonymous class declaration
  • #910: [java] AST inconsistency between primitive and reference type arrays
  • #997: [java] Java8 parsing corner case with annotated array types
  • #998: [java] AST inconsistencies around FormalParameter
  • #1019: [java] Breaking Java Grammar changes for PMD 7.0.0
  • #1124: [java] ImmutableList implementation in the qname codebase
  • #1128: [java] Improve ASTLocalVariableDeclaration
  • #1150: [java] ClassOrInterfaceType AST improvements
  • #1207: [java] Resolve explicit types using FQCNs, without hitting the classloader
  • #1367: [java] Parsing error on annotated inner class
  • #1661: [java] About operator nodes
  • #2366: [java] Remove qualified names
  • #2819: [java] GLB bugs in pmd 7
  • #3763: [java] Ambiguous reference error in valid code
  • #3749: [java] Improve isOverridden in ASTMethodDeclaration
  • #3750: [java] Make symbol table support instanceof pattern bindings
  • #3752: [java] Expose annotations in symbol API
  • #4237: [java] Cleanup handling of Java comments
  • #4317: [java] Some AST nodes should not be TypeNodes
  • #4359: [java] Type resolution fails with NPE when the scope is not a type declaration
  • #4367: [java] Move testrule TypeResTest into internal
• java-bestpractices
  • #342: [java] AccessorMethodGeneration: Name clash with another public field not properly handled
  • #755: [java] AccessorClassGeneration false positive for private constructors
  • #770: [java] UnusedPrivateMethod yields false positive for counter-variant arguments
  • #807: [java] AccessorMethodGeneration false positive with overloads
  • #833: [java] ForLoopCanBeForeach should consider iterating on this
  • #1189: [java] UnusedPrivateMethod false positive from inner class via external class
  • #1205: [java] Improve ConstantsInInterface message to mention alternatives
  • #1212: [java] Don’t raise JUnitTestContainsTooManyAsserts on JUnit 5’s assertAll
  • #1422: [java] JUnitTestsShouldIncludeAssert false positive with inherited @Rule field
  • #1565: [java] JUnitAssertionsShouldIncludeMessage false positive with AssertJ
  • #1747: [java] PreserveStackTrace false-positive
  • #1969: [java] MissingOverride false-positive triggered by package-private method overwritten in another package by extending class
  • #1998: [java] AccessorClassGeneration false-negative: subclass calls private constructor
  • #2130: [java] UnusedLocalVariable: false-negative with array
  • #2147: [java] JUnitTestsShouldIncludeAssert - false positives with lambdas and static methods
  • #2464: [java] LooseCoupling must ignore class literals: ArrayList.class
  • #2542: [java] UseCollectionIsEmpty can not detect the case foo.bar().size()
  • #2650: [java] UseTryWithResources false positive when AutoCloseable helper used
  • #2796: [java] UnusedAssignment false positive with call chains
  • #2797: [java] MissingOverride long-standing issues
  • #2806: [java] SwitchStmtsShouldHaveDefault false-positive with Java 14 switch non-fallthrough branches
  • #2822: [java] LooseCoupling rule: Extend to cover user defined implementations and interfaces
  • #2843: [java] Fix UnusedAssignment FP with field accesses
  • #2882: [java] UseTryWithResources - false negative for explicit close
  • #2883: [java] JUnitAssertionsShouldIncludeMessage false positive with method call
  • #2890: [java] UnusedPrivateMethod false positive with generics
  • #2946: [java] SwitchStmtsShouldHaveDefault false positive on enum inside enums
  • #3672: [java] LooseCoupling - fix false positive with generics
  • #3675: [java] MissingOverride - fix false positive with mixing type vars
• java-codestyle
  • #1208: [java] PrematureDeclaration rule false-positive on variable declared to measure time
  • #1429: [java] PrematureDeclaration as result of method call (false positive)
  • #1673: [java] UselessParentheses false positive with conditional operator
  • #1790: [java] UnnecessaryFullyQualifiedName false positive with enum constant
  • #1918: [java] UselessParentheses false positive with boolean operators
  • #2134: [java] PreserveStackTrace not handling Throwable.addSuppressed(...)
  • #2299: [java] UnnecessaryFullyQualifiedName false positive with similar package name
  • #2391: [java] UseDiamondOperator FP when expected type and constructed type have a different parameterization
  • #2528: [java] MethodNamingConventions - JUnit 5 method naming not support ParameterizedTest
  • #2739: [java] UselessParentheses false positive for string concatenation
  • #2748: [java] UnnecessaryCast false positive with unchecked cast
  • #2973: [java] New rule: UnnecessaryBoxing
  • #3195: [java] Improve rule UnnecessaryReturn to detect more cases
  • #3218: [java] Generalize UnnecessaryCast to flag all unnecessary casts
  • #3221: [java] PrematureDeclaration false positive for unused variables
  • #3238: [java] Improve ExprContext, fix FNs of UnnecessaryCast
  • #3500: [java] UnnecessaryBoxing - check for Integer.valueOf(String) calls
  • #4357: [java] Fix IllegalStateException in UseDiamondOperator rule
• java-design
  • #1014: [java] LawOfDemeter: False positive with lambda expression
  • #1605: [java] LawOfDemeter: False positive for standard UTF-8 charset name
  • #2175: [java] LawOfDemeter: False positive for chained methods with generic method call
  • #2179: [java] LawOfDemeter: False positive with static property access - should treat class-level property as global object, not dot-accessed property
  • #2180: [java] LawOfDemeter: False positive with Thread and ThreadLocalRandom
  • #2182: [java] LawOfDemeter: False positive with package-private access
  • #2188: [java] LawOfDemeter: False positive with fields assigned to local vars
  • #2536: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal can’t detect inner class
  • #3668: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal - fix FP with inner private classes
  • #3754: [java] SingularField false positive with read in while condition
  • #3786: [java] SimplifyBooleanReturns should consider operator precedence
  • #4238: [java] Make LawOfDemeter not use the rulechain
• java-documentation
  • #4369: [java] Improve CommentSize
  • #4416: [java] Fix reported line number in CommentContentRule
• java-errorprone
  • #659: [java] MissingBreakInSwitch - last default case does not contain a break
  • #1005: [java] CloneMethodMustImplementCloneable triggers for interfaces
  • #1669: [java] NullAssignment - FP with ternay and null as constructor argument
  • #1899: [java] Recognize @SuppressWanings(“fallthrough”) for MissingBreakInSwitch
  • #2320: [java] NullAssignment - FP with ternary and null as method argument
  • #2532: [java] AvoidDecimalLiteralsInBigDecimalConstructor can not detect the case new BigDecimal(Expression)
  • #2579: [java] MissingBreakInSwitch detects the lack of break in the last case
  • #2880: [java] CompareObjectsWithEquals - false negative with type res
  • #2893: [java] Remove special cases from rule EmptyCatchBlock
  • #2894: [java] Improve MissingBreakInSwitch
  • #3071: [java] BrokenNullCheck FP with PMD 6.30.0
  • #3087: [java] UnnecessaryBooleanAssertion overlaps with SimplifiableTestAssertion
  • #3100: [java] UseCorrectExceptionLogging FP in 6.31.0
  • #3173: [java] UseProperClassLoader false positive
  • #3351: [java] ConstructorCallsOverridableMethod ignores abstract methods
  • #3400: [java] AvoidUsingOctalValues FN with underscores
  • #4356: [java] Fix NPE in CloseResourceRule
• java-multithreading
  • #2537: [java] DontCallThreadRun can’t detect the case that call run() in this.run()
  • #2538: [java] DontCallThreadRun can’t detect the case that call run() in foo.bar.run()
  • #2577: [java] UseNotifyAllInsteadOfNotify falsely detect a special case with argument: foo.notify(bar)
• java-performance
  • #1224: [java] InefficientEmptyStringCheck false negative in anonymous class
  • #2587: [java] AvoidArrayLoops could also check for list copy through iterated List.add()
  • #2712: [java] SimplifyStartsWith false-positive with AssertJ
  • #3486: [java] InsufficientStringBufferDeclaration: Fix NPE
• kotlin
  • #419: [kotlin] Add support for Kotlin
  • #4389: [kotlin] Update grammar to version 1.8
• swift
  • #1877: [swift] Feature/swift rules
  • #1882: [swift] UnavailableFunction Swift rule
• xml
  • #1800: [xml] Unimplement org.w3c.dom.Node from the XmlNodeWrapper

✨ External Contributions

• #1658: [core] Node support for Antlr-based languages - Matías Fraga (@matifraga)
• #1698: [core] [swift] Antlr Base Parser adapter and Swift Implementation - Lucas Soncini (@lsoncini)
• #1774: [core] Antlr visitor rules - Lucas Soncini (@lsoncini)
• #1877: [swift] Feature/swift rules - Matías Fraga (@matifraga)
• #1881: [doc] Add ANTLR documentation - Matías Fraga (@matifraga)
• #1882: [swift] UnavailableFunction Swift rule - Tomás de Lucca (@tomidelucca)
• #2830: [apex] Apexlink POC - Kevin Jones (@nawforce)
• #3866: [core] Add CLI Progress Bar - @JerritEic (@JerritEic)
• #4412: [doc] Added new error msg to ConstantsInInterface - David Ljunggren (@dague1)
• #4428: [apex] ApexBadCrypto bug fix for #4427 - inline detection of hard coded values - Steven Stearns (@sfdcsteve)

📈 Stats

• 4416 commits
• 464 closed tickets & PRs
• Days since last release: 28

25-February-2023 - 6.55.0

The PMD team is pleased to announce PMD 6.55.0.

This is a minor release.

Table Of Contents

• New and noteworthy
  • PMD 7 Development
  • Java 20 Support
  • T-SQL support
• Fixed Issues
• API Changes
  • Go
  • Java
• External Contributions
• Stats

New and noteworthy

PMD 7 Development

This release is the last planned release of PMD 6. The first version 6.0.0 was released in December 2017. Over the course of more than 5 years we published almost every month a new minor version of PMD 6 with new features and improvements.

Already in November 2018 we started in parallel the development of the next major version 7.0.0, and we are now in the process of finalizing the scope of the major version. We want to release a couple of release candidates before publishing the final version 7.0.0.

We plan to release 7.0.0-rc1 soon. You can see the progress in PMD 7 Tracking Issue #3898.

Java 20 Support

This release of PMD brings support for Java 20. There are no new standard language features.

PMD supports JEP 433: Pattern Matching for switch (Fourth Preview) and JEP 432: Record Patterns (Second Preview) as preview language features.

In order to analyze a project with PMD that uses these language features, you’ll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language version 20-preview:

export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd --use-version java-20-preview ...

T-SQL support

Thanks to the contribution from Paul Guyot PMD now has CPD support for T-SQL (Transact-SQL).

Being based on a proper Antlr grammar, CPD can:

• ignore comments
• honor comment-based suppressions

Fixed Issues

• core
  • #4395: [core] Support environment variable CLASSPATH with pmd.bat under Windows
• java
  • #4333: [java] Support JDK 20
• java-errorprone
  • #4393: [java] MissingStaticMethodInNonInstantiatableClass false-positive for Lombok’s @UtilityClass for classes with non-private fields

API Changes

Go

• The LanguageModule of Go, that only supports CPD execution, has been deprecated. This language is not fully supported by PMD, so having a language module does not make sense. The functionality of CPD is not affected by this change. The following class has been deprecated and will be removed with PMD 7.0.0:
  • GoLanguageModule

Java

• Support for Java 18 preview language features have been removed. The version “18-preview” is no longer available.
• The experimental class net.sourceforge.pmd.lang.java.ast.ASTGuardedPattern has been removed.

External Contributions

• #4384: [swift] Add more swift 5.x support (#unavailable mainly) - Richard B. (@kenji21)
• #4390: Add support for T-SQL using Antlr4 lexer - Paul Guyot (@pguyot)
• #4392: [java] Fix #4393 MissingStaticMethodInNonInstantiatableClass: Fix false-positive for field-only class - Dawid Ciok (@dawiddc)

Stats

• 40 commits
• 11 closed tickets & PRs
• Days since last release: 28

28-January-2023 - 6.54.0

The PMD team is pleased to announce PMD 6.54.0.

This is a minor release.

Table Of Contents

• New and noteworthy
  • New report format html-report-v2.xslt
• Fixed Issues
• API Changes
  • PMD CLI
  • Deprecated APIs
    • For removal
    • Internal APIs
    • Experimental APIs
• External Contributions
• Stats

New and noteworthy

New report format html-report-v2.xslt

Thanks to @mohan-chinnappan-n a new PMD report format has been added which features a data table with charting functions. It uses an XSLT stylesheet to convert PMD’s XML format into HTML.

See the example report.

Fixed Issues

• apex-bestpractices
  • #2669: [apex] UnusedLocalVariable false positive in dynamic SOQL
• core
  • #4026: [cli] Filenames printed as absolute paths in the report despite parameter --short-names
  • #4279: [core] Can not set ruleset property value to empty
  • #4329: [core] Refactor usage of snakeyaml
  • #4340: [core] Allow to filter found matches in CPDReport
• java
  • #4364: [java] Parsing error with textblock containing quote followed by two backslashes
• testing
  • #4236: [test] kotest logs look broken

API Changes

PMD CLI

• PMD now supports a new --relativize-paths-with flag (or short -z), which replaces --short-names. It serves the same purpose: Shortening the pathnames in the reports. However, with the new flag it’s possible to explicitly define one or more pathnames that should be used as the base when creating relative paths. The old flag --short-names is deprecated.

Deprecated APIs

For removal

• ApexRootNode#getApexVersion has been deprecated for removal. The version returned is always Version.CURRENT, as the apex compiler integration doesn’t use additional information which Apex version actually is used. Therefore, this method can’t be used to determine the Apex version of the project that is being analyzed.
• CPDConfiguration#setEncoding and CPDConfiguration#getEncoding. Use the methods getSourceEncoding and setSourceEncoding instead. Both are available for CPDConfiguration which extends AbstractConfiguration.
• BaseCLITest and BaseCPDCLITest have been deprecated for removal without replacement. CLI tests should be done in pmd-core only (and in PMD7 in pmd-cli). Individual language modules shouldn’t need to test the CLI integration logic again. Instead, the individual language modules should test their functionality as unit tests.

• CPDConfiguration.LanguageConverter

• FileCollector#addZipFile has been deprecated. It is replaced by FileCollector#addZipFileWithContent which directly adds the content of the zip file for analysis.

• PMDConfiguration#setReportShortNames and PMDConfiguration#isReportShortNames have been deprecated for removal. Use PMDConfiguration#addRelativizeRoot instead.

Internal APIs

• CSVWriter
• Some fields in AbstractAntTestHelper

Experimental APIs

• CPDReport has a new method which limited mutation of a given report:
  • filterMatches creates a new CPD report with some matches removed with a given predicate based filter.

External Contributions

• #4110: [apex] Feature/unused variable bind false positive with dynamic SOQL - Thomas Prouvot (@tprouvot)
• #4125: [core] New report format html-report-v2.xslt to provide html with datatable and chart features - Mohan Chinnappan - (@mohan-chinnappan-n)
• #4280: [apex] Deprecate ApexRootNode.getApexVersion - Aaron Hurst (@aaronhurst-google)
• #4285: [java] CommentDefaultAccessModifier - add co.elastic.clients.util.VisibleForTesting as default suppressed annotation - Matthew Luckam (@mluckam)

Stats

• 107 commits
• 19 closed tickets & PRs
• Days since last release: 27

31-December-2022 - 6.53.0

The PMD team is pleased to announce PMD 6.53.0.

This is a minor release.

Table Of Contents

• New and noteworthy
  • Modified rules
  • Deprecated rules
• Fixed Issues
• API Changes
  • Deprecated APIs
    • For removal
• External Contributions
• Stats

New and noteworthy

Modified rules

• The Java rule UnusedPrivateField has a new property reportForAnnotations. This is a list of fully qualified names of the annotation types that should be reported anyway. If an unused field has any of these annotations, then it is reported. If it has any other annotation, then it is still considered to be used and is not reported.

Deprecated rules

• The Java rules ExcessiveClassLength and ExcessiveMethodLength have been deprecated. The rule NcssCount can be used instead. The deprecated rules will be removed with PMD 7.0.0.

• The Java rule EmptyStatementNotInLoop is deprecated. Use the rule UnnecessarySemicolon instead. Note: Actually it was announced to be deprecated since 6.46.0 but the rule was not marked as deprecated yet. This has been done now.

Fixed Issues

• core
  • #4248: [core] Can’t analyze sources in zip files
• apex-security
  • #4146: [apex] ApexCRUDViolation: Recognize User Mode in SOQL + DML
• java
  • #4266: [java] PMD fails to process a record with lambda in compact constructor
• java-bestpractices
  • #4166: [java] UnusedPrivateField doesn’t find annotated unused private fields anymore
  • #4250: [java] WhileLoopWithLiteralBoolean - false negative with complex expressions still occurs in PMD 6.52.0
• java-design
  • #2127: [java] Deprecate rules ExcessiveClassLength and ExcessiveMethodLength
• java-errorprone
  • #4164: [java][doc] AvoidAssertAsIdentifier and AvoidEnumAsIdentifier - clarify use case
• java-multithreading
  • #4210: [java] DoNotUseThreads report duplicate warnings

API Changes

Deprecated APIs

For removal

These classes / APIs have been deprecated and will be removed with PMD 7.0.0.

• ExcessiveLengthRule (Java)

External Contributions

• #4244: [apex] ApexCRUDViolation: user mode and system mode with test cases added - Tarush Singh (@Tarush-Singh35)
• #4274: [java] Fix finding lambda scope in record compact constructor - kdebski85 (@kdebski85)

Stats

• 43 commits
• 17 closed tickets & PRs
• Days since last release: 35

26-November-2022 - 6.52.0

The PMD team is pleased to announce PMD 6.52.0.

This is a minor release.

Table Of Contents

• New and noteworthy
  • New rules
  • Renamed rules
  • Modified rules
• Fixed Issues
• API Changes
  • PMD CLI
  • CPD CLI
  • Linux run.sh parameters
  • Deprecated API
• External Contributions
• Stats

New and noteworthy

New rules

• The new Java rule InvalidJavaBean identifies beans, that don’t follow the JavaBeans API specification, like beans with missing getters or setters.

<rule ref="category/java/design.xml/InvalidJavaBean"/>

Renamed rules

• The Java rule BeanMembersShouldSerialize has been renamed to NonSerializableClass. It has been revamped to only check for classes that are marked with Serializable and reports each field in it, that is not serializable.

  The property prefix has been deprecated, since in a serializable class all fields have to be serializable regardless of the name.

Modified rules

• The rule ClassNamingConventions has a new property testClassPattern, which is applied to test classes. By default, test classes should end with the suffix “Test”. Test classes are top-level classes, that either inherit from JUnit 3 TestCase or have at least one method annotated with the Test annotations from JUnit4/5 or TestNG.

• The property ignoredAnnotations of rule ImmutableField has been deprecated and doesn’t have any effect anymore. Since PMD 6.47.0, the rule only considers fields, that are initialized once and never changed. If the field is just declared but never explicitly initialized, it won’t be reported. That’s the typical case when a framework sets the field value by reflection. Therefore, the property is not needed anymore. If there is a special case where this rule misidentifies fields as immutable, then the rule should be suppressed for these fields explicitly.

Fixed Issues

• cli
  • #4215: NullPointerException when trying to open designer
• doc
  • #4207: [doc] List all languages in rule doc
• java
  • #3643: [java] More parser edge cases
  • #4152: [java] Parse error on array type annotations
• java-codestyle
  • #2867: [java] Separate pattern for test classes in ClassNamingConventions rule for Java
  • #4201: [java] CommentDefaultAccessModifier should consider lombok’s @Value
• java-design
  • #4175: [java] ImmutableField - deprecate property ignoredAnnotations
  • #4177: [java] New Rule InvalidJavaBean
  • #4188: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal false positive with Lombok’s @NoArgsConstructor
  • #4189: [java] AbstractClassWithoutAnyMethod should consider lombok’s @AllArgsConstructor
  • #4200: [java] ClassWithOnlyPrivateConstructorsShouldBeFinal should consider lombok’s @Value
• java-errorprone
  • #1668: [java] BeanMembersShouldSerialize is extremely noisy
  • #4172: [java] InvalidLogMessageFormat false positive on externally formatted strings
  • #4174: [java] MissingStaticMethodInNonInstantiatableClass does not consider nested builder class
  • #4176: [java] Rename BeanMembersShouldSerialize to NonSerializableClass
  • #4185: [java] InvalidLogMessageFormat rule produces a NPE
  • #4224: [java] MissingStaticMethodInNonInstantiatableClass should consider Lombok’s @UtilityClass
  • #4225: [java] MissingStaticMethodInNonInstantiatableClass should consider Lombok’s @NoArgsConstructor
• java-performance
  • #4183: [java] AvoidArrayLoops regression: from false negative to false positive with final variables

API Changes

PMD CLI

• PMD now supports a new --use-version flag, which receives a language-version pair (such as java-8 or apex-54). This supersedes the usage of -language / -l and -version / -v, allowing for multiple versions to be set in a single run. PMD 7 will completely remove support for -language and -version in favor of this new flag.

• Support for -V is being deprecated in favor of --verbose in preparation for PMD 7. In PMD 7, -v will enable verbose mode and -V will show the PMD version for consistency with most Unix/Linux tools.

• Support for -min is being deprecated in favor of --minimum-priority for consistency with most Unix/Linux tools, where -min would be equivalent to -m -i -n.

CPD CLI

• CPD now supports using -d or --dir as an alias to --files, in favor of consistency with PMD. PMD 7 will remove support for --files in favor of these new flags.

Linux run.sh parameters

• Using run.sh cpdgui will now warn about it being deprecated. Use run.sh cpd-gui instead.

• The old designer (run.sh designerold) is completely deprecated and will be removed in PMD 7. Switch to the new JavaFX designer: run.sh designer.

• The old visual AST viewer (run.sh bgastviewer) is completely deprecated and will be removed in PMD 7. Switch to the new JavaFX designer: run.sh designer for a visual tool, or use run.sh ast-dump for a text-based alternative.

Deprecated API

• The following core APIs have been marked as deprecated for removal in PMD 7:
  • PMD and PMD.StatusCode - PMD 7 will ship with a revamped CLI split from pmd-core. To programmatically launch analysis you can use PmdAnalysis.
  • PMDConfiguration#getAllInputPaths - It is now superseded by PMDConfiguration#getInputPathList
  • PMDConfiguration#setInputPaths - It is now superseded by PMDConfiguration#setInputPathList
  • PMDConfiguration#addInputPath - It is now superseded by PMDConfiguration#addInputPath
  • PMDConfiguration#getInputFilePath - It is now superseded by PMDConfiguration#getInputFile
  • PMDConfiguration#getIgnoreFilePath - It is now superseded by PMDConfiguration#getIgnoreFile
  • PMDConfiguration#setInputFilePath - It is now superseded by PMDConfiguration#setInputFilePath
  • PMDConfiguration#setIgnoreFilePath - It is now superseded by PMDConfiguration#setIgnoreFilePath
  • PMDConfiguration#getInputUri - It is now superseded by PMDConfiguration#getUri
  • PMDConfiguration#setInputUri - It is now superseded by PMDConfiguration#setInputUri
  • PMDConfiguration#getReportFile - It is now superseded by PMDConfiguration#getReportFilePath
  • PMDConfiguration#setReportFile - It is now superseded by PMDConfiguration#setReportFile
  • PMDConfiguration#isStressTest and PMDConfiguration#setStressTest - Will be removed with no replacement.
  • PMDConfiguration#isBenchmark and PMDConfiguration#setBenchmark - Will be removed with no replacement, the CLI will still support it.
  • CPD and CPD.StatusCode - PMD 7 will ship with a revamped CLI split from pmd-core. An alterative to programatically launch CPD analysis will be added in due time.
• In order to reduce the dependency on Apex Jorje classes, the method DataType#fromBasicType has been deprecated. The equivalent method fromTypeName should be used instead.

External Contributions

• #4184: [java][doc] TestClassWithoutTestCases - fix small typo in description - Valery Yatsynovich (@valfirst)
• #4198: [doc] Add supported CPD languages - Jeroen van Wilgenburg (@jvwilge)
• #4202: [java] Fix #4200 and #4201: ClassWithOnlyPrivateConstructorsShouldBeFinal, CommentDefaultAccessModifier: Exclude lombok @Value annotation - Lynn (@LynnBroe)
• #4205: [doc] Clarify Scala support (no built-in rules) - Eldrick Wega (@Eldrick19)
• #4226: [visualforce] Replace uses of Jorje types in pmd-visualforce - Aaron Hurst (@aaronhurst-google)
• #4227: [java] Fix #4225 MissingStaticMethodInNonInstantiatableClass: Exclude lombok’s @NoArgsConstructor annotation - Lynn (@LynnBroe)
• #4228: [java] Fix #4224 MissingStaticMethodInNonInstantiatableClass: Exclude lombok’s UtilityClass - Lynn (@LynnBroe)
• #4232: [doc] Fixing typos - Andreas Deininger (@deining)

Stats

• 96 commits
• 40 closed tickets & PRs
• Days since last release: 28

29-October-2022 - 6.51.0

The PMD team is pleased to announce PMD 6.51.0.

This is a minor release.

Table Of Contents

• New and noteworthy
  • New Rules
  • Modified Rules
• Fixed Issues
• API Changes
• External Contributions
• Stats

New and noteworthy

New Rules

• The new Apex rule ApexUnitTestClassShouldHaveRunAs ensures that unit tests use System.runAs() at least once. This makes the tests more robust, and independent from the user running it.

<rule ref="category/apex/bestpractices.xml/ApexUnitTestClassShouldHaveRunAs"/>

The rule is part of the quickstart.xml ruleset.

Modified Rules

• The Java rule TestClassWithoutTestCases has a new property testClassPattern. This is used to detect empty test classes by name. Previously this rule could only detect empty JUnit3 test cases properly. To switch back to the old behavior, this property can be set to an empty value which disables the test class detection by pattern.

Fixed Issues

• apex
  • #4149: [apex] New rule: ApexUnitTestClassShouldHaveRunAs
• doc
  • #4144: [doc] Update docs to reflect supported languages
  • #4163: [doc] Broken links on page “Architecture Decisions”
• java-bestpractices
  • #4140: [java] [doc] AccessorClassGeneration violations hidden with Java 11
• java-codestyle
  • #4139: [java] UnnecessaryFullyQualifiedName FP when the same simple class name exists in the current package
• java-documentation
  • #4141: [java] UncommentedEmptyConstructor FP when constructor annotated with @Autowired
• java-performance
  • #1167: [java] AvoidArrayLoops false positive on double assignment
  • #2080: [java] StringToString rule false-positive with field access
  • #2692: [java] [doc] AvoidArrayLoops flags copy assignment in same array as sub-optimal
  • #3437: [java] StringToString doesn’t trigger on Bar.class.getSimpleName().toString()
  • #3681: [java] StringToString doesn’t trigger on string literals
  • #3847: [java] AvoidArrayLoops should consider final variables
  • #3977: [java] StringToString false-positive with local method name confusion
  • #4091: [java] AvoidArrayLoops false negative with do-while loops
  • #4148: [java] UseArrayListInsteadOfVector ignores Vector when other classes are imported
• java-errorprone
  • #929: [java] Inconsistent results with TestClassWithoutTestCases
  • #2636: [java] TestClassWithoutTestCases false positive with JUnit5 ParameterizedTest
• javascript
  • #4165: [javascript] InaccurateNumericLiteral underscore separator notation false positive

API Changes

No changes.

External Contributions

• #4142: [java] fix #4141 Update UncommentedEmptyConstructor - ignore @Autowired annotations - Lynn (@LynnBroe)
• #4147: [java] Added support for Do-While for AvoidArrayLoops - Yasar Shaikh (@yasarshaikh)
• #4150: [apex] New rule ApexUnitTestClassShouldHaveRunAs #4149 - Thomas Prouvot (@tprouvot)

Stats

• 63 commits
• 28 closed tickets & PRs
• Days since last release: 28

30-September-2022 - 6.50.0

The PMD team is pleased to announce PMD 6.50.0.

This is a minor release.

Table Of Contents

• New and noteworthy
  • Lua now supports additionally Luau
  • Modified rules
• Fixed Issues
• API Changes
  • CPD CLI
• Financial Contributions
• External Contributions
• Stats

New and noteworthy

Lua now supports additionally Luau

This release of PMD adds support for Luau, a gradually typed language derived from Lua. This means, that the Lua language in PMD can now parse both Lua and Luau.

Modified rules

• The Java rule UnusedPrivateField now ignores private fields, if the fields are annotated with any annotation or the enclosing class has any annotation. Annotations often enable a framework (such as dependency injection, mocking or e.g. Lombok) which use the fields by reflection or other means. This usage can’t be detected by static code analysis. Previously these frameworks where explicitly allowed by listing their annotations in the property “ignoredAnnotations”, but that turned out to be prone of false positive for any not explicitly considered framework. That’s why the property “ignoredAnnotations” has been deprecated for this rule.
• The Java rule CommentDefaultAccessModifier now by default ignores JUnit5 annotated methods. This behavior can be customized using the property ignoredAnnotations.

Fixed Issues

• cli
  • #4118: [cli] run.sh designer reports “integer expression expected”
• core
  • #4116: [core] Missing –file arg in TreeExport CLI example
• doc
  • #4072: [doc] Add architecture decision records
  • #4109: [doc] Add page for 3rd party rulesets
  • #4124: [doc] Fix typos in Java rule docs
• java
  • #3431: [java] Add sample java project to regression-tester which uses new language constructs
• java-bestpractices
  • #4033: [java] UnusedPrivateField - false positive with Lombok @ToString.Include
  • #4037: [java] UnusedPrivateField - false positive with Spring @SpyBean
• java-codestyle
  • #3859: [java] CommentDefaultAccessModifier is triggered in JUnit5 test class
  • #4085: [java] UnnecessaryFullyQualifiedName false positive when nested and non-nested classes with the same name and in the same package are used together
  • #4133: [java] UnnecessaryFullyQualifiedName - FP for inner class pkg.ClassA.Foo implementing pkg.Foo
• java-design
  • #4090: [java] FinalFieldCouldBeStatic false positive with non-static synchronized block (regression in 6.48, worked with 6.47)
• java-errorprone
  • #1718: [java] ConstructorCallsOverridableMethod false positive when calling super method
  • #2348: [java] ConstructorCallsOverridableMethod occurs when unused overloaded method is defined
  • #4099: [java] ConstructorCallsOverridableMethod should consider method calls with var access
• scala
  • #4138: [scala] Upgrade scala-library to 2.12.7 / 2.13.9 and scalameta to 4.6.0

API Changes

CPD CLI

• CPD now supports the --ignore-literal-sequences argument when analyzing Lua code.

Financial Contributions

Many thanks to our sponsors:

• Oliver Siegmar (@osiegmar)

External Contributions

• #4066: [lua] Add support for Luau syntax and skipping literal sequences in CPD - Matt Hargett (@matthargett)
• #4100: [java] Update UnusedPrivateFieldRule - ignore any annotations - Lynn (@LynnBroe)
• #4116: [core] Fix missing –file arg in TreeExport CLI example - mohan-chinnappan-n (@mohan-chinnappan-n)
• #4124: [doc] Fix typos in Java rule docs - Piotrek Żygieło (@pzygielo)
• #4128: [java] Fix False-positive UnnecessaryFullyQualifiedName when nested and non-nest… #4103 - Oleg Andreych (@OlegAndreych)
• #4130: [ci] GitHub Workflows security hardening - Alex (@sashashura)
• #4131: [doc] TooFewBranchesForASwitchStatement - Use “if-else” instead of “if-then” - Suvashri (@Suvashri)
• #4137: [java] Fixes 3859: Exclude junit5 test methods from the commentDefaultAccessModifierRule - Luis Alcantar (@lfalcantar)

Stats

• 100 commits
• 26 closed tickets & PRs
• Days since last release: 29

31-August-2022 - 6.49.0

The PMD team is pleased to announce PMD 6.49.0.

This is a minor release.

Table Of Contents

• New and noteworthy
  • Updated PMD Designer
• Fixed Issues
• API Changes
  • Deprecated API
• External Contributions
• Stats

New and noteworthy

Updated PMD Designer

This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.

Fixed Issues

• apex
  • #4096: [apex] ApexAssertionsShouldIncludeMessage and ApexUnitTestClassShouldHaveAsserts: support new Assert class (introduced with Apex v56.0)
• core
  • #3970: [core] FileCollector.addFile ignores language parameter
• java-codestyle
  • #4082: [java] UnnecessaryImport false positive for on-demand imports of nested classes

API Changes

Deprecated API

• In order to reduce the dependency on Apex Jorje classes, the following methods have been deprecated. These methods all leaked internal Jorje enums. These enums have been replaced now by enums the PMD’s AST package.
  • ASTAssignmentExpression#getOperator
  • ASTBinaryExpression#getOperator
  • ASTBooleanExpression#getOperator
  • ASTPostfixExpression#getOperator
  • ASTPrefixExpression#getOperator

  All these classes have now a new getOp() method. Existing code should be refactored to use this method instead. It returns the new enums, like AssignmentOperator, and avoids the dependency to Jorje.

External Contributions

• #4081: [apex] Remove Jorje leaks outside ast package - @eklimo
• #4083: [java] UnnecessaryImport false positive for on-demand imports of nested classes (fix for #4082) - @abyss638
• #4092: [apex] Implement ApexQualifiableNode for ASTUserEnum - @aaronhurst-google
• #4095: [core] CPD: Added begin and end token to XML reports - @pacvz
• #4097: [apex] ApexUnitTestClassShouldHaveAssertsRule: Support new Assert class (Apex v56.0) - @tprouvot
• #4104: [doc] Add MegaLinter in the list of integrations - @nvuillam

Stats

• 49 commits
• 10 closed tickets & PRs
• Days since last release: 32

30-July-2022 - 6.48.0

The PMD team is pleased to announce PMD 6.48.0.

This is a minor release.

Table Of Contents

• New and noteworthy
  • Java 19 Support
  • Gherkin support
• Fixed Issues
• API Changes
  • CPD CLI
  • Rule Test Framework
  • Deprecated API
  • Experimental APIs
  • Internal API
• Financial Contributions
• External Contributions
• Stats

New and noteworthy

Java 19 Support

This release of PMD brings support for Java 19. There are no new standard language features.

PMD supports JEP 427: Pattern Matching for switch (Third Preview) and JEP 405: Record Patterns (Preview) as preview language features.

In order to analyze a project with PMD that uses these language features, you’ll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language version 19-preview:

export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 19-preview ...

Note: Support for Java 17 preview language features have been removed. The version “17-preview” is no longer available.

Gherkin support

Thanks to the contribution from Anne Brouwers PMD now has CPD support for the Gherkin language. It is used to defined test cases for the Cucumber testing tool for behavior-driven development.

Being based on a proper Antlr grammar, CPD can:

• ignore comments
• honor comment-based suppressions

Fixed Issues

• apex
  • #4056: [apex] ApexSOQLInjection: Add support count query
• core
  • #3796: [core] CPD should also provide a --debug flag
  • #4021: [core] CPD: Add total number of tokens to XML reports
  • #4031: [core] If report is written to stdout, stdout should not be closed
  • #4051: [doc] Additional rulesets are not listed in documentation
  • #4053: [core] Allow building PMD under Java 18+
• java
  • #4015: [java] Support JDK 19
• java-bestpractices
  • #3455: [java] WhileLoopWithLiteralBoolean - false negative with complex expressions
• java-design
  • #3729: [java] TooManyMethods ignores “real” methods which are named like getters or setters
  • #3949: [java] FinalFieldCouldBeStatic - false negative with unnecessary parenthesis
• java-performance
  • #3625: [java] AddEmptyString - false negative with empty var
• lua
  • #4061: [lua] Fix several related Lua parsing issues found when using CPD
• test
  • #3302: [test] Improve xml test schema
  • #3758: [test] Move pmd-test to java 8
  • #3976: [test] Extract xml schema module

API Changes

CPD CLI

• CPD has a new CLI option --debug. This option has the same behavior as in PMD. It enables more verbose logging output.

Rule Test Framework

• The module “pmd-test”, which contains support classes to write rule tests, now requires Java 8. If you depend on this module for testing your own custom rules, you’ll need to make sure to use at least Java 8.
• The new module “pmd-test-schema” contains now the XSD schema and the code to parse the rule test XML files. The schema has been extracted in order to easily share it with other tools like the Rule Designer or IDE plugins.
• Test schema changes:
  • The attribute isRegressionTest of test-code is deprecated. The new attribute disabled should be used instead for defining whether a rule test should be skipped or not.
  • The attributes reinitializeRule and useAuxClasspath of test-code are deprecated and assumed true. They will not be replaced.
  • The new attribute focused of test-code allows disabling all tests except the focused one temporarily.
• More information about the rule test framework can be found in the documentation: Testing your rules

Deprecated API

• The experimental Java AST class ASTGuardedPattern has been deprecated and will be removed. It was introduced for Java 17 and Java 18 Preview as part of pattern matching for switch, but it is no longer supported with Java 19 Preview.
• The interface CPDRenderer is deprecated. For custom CPD renderers the new interface CPDReportRenderer should be used.
• The class TestDescriptor is deprecated, replaced with RuleTestDescriptor.
• Many methods of RuleTst have been deprecated as internal API.

Experimental APIs

• To support the Java preview language features “Pattern Matching for Switch” and “Record Patterns”, the following AST nodes have been introduced as experimental:
  • ASTSwitchGuard
  • ASTRecordPattern
  • ASTComponentPatternList

Internal API

Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0. You can identify them with the @InternalApi annotation. You’ll also get a deprecation warning.

• CPDConfiguration#setRenderer
• CPDConfiguration#setCPDRenderer
• CPDConfiguration#getRenderer
• CPDConfiguration#getCPDRenderer
• CPDConfiguration#getRendererFromString
• CPDConfiguration#getCPDRendererFromString
• CPDRendererAdapter

Financial Contributions

Many thanks to our sponsors:

• Matt Hargett (@matthargett)

External Contributions

• #3984: [java] Fix AddEmptyString false-negative issue - @LiGaOg
• #3988: [java] Modify WhileLoopWithLiteralBoolean to meet the missing case #3455 - @VoidxHoshi
• #3992: [java] FinalFieldCouldBeStatic - fix false negative with unnecessary parenthesis - @dalizi007
• #3994: [java] TooManyMethods - improve getter/setter detection (#3729) - @341816041
• #4017: Add Gherkin support to CPD - @ASBrouwers
• #4021: [core] CPD: Add total number of tokens to XML reports - @maikelsteneker
• #4056: [apex] ApexSOQLInjection: Add support count query - @gwilymatgearset
• #4061: [lua] Fix several related Lua parsing issues found when using CPD - @matthargett

Stats

• 102 commits
• 26 closed tickets & PRs
• Days since last release: 35

25-June-2022 - 6.47.0

The PMD team is pleased to announce PMD 6.47.0.

This is a minor release.

Table Of Contents

• Fixed Issues
• API Changes
• External Contributions
• Stats

Fixed Issues

• core
  • #3999: [cli] All files are analyzed despite parameter --file-list
  • #4009: [core] Cannot build PMD with Temurin 17
• java-bestpractices
  • #3824: [java] UnusedPrivateField: Do not flag fields annotated with @Version
  • #3825: [java] UnusedPrivateField: Do not flag fields annotated with @Id or @EmbeddedId
• java-design
  • #3823: [java] ImmutableField: Do not flag fields in @Entity
  • #3981: [java] ImmutableField reports fields annotated with @Value (Spring)
  • #3998: [java] ImmutableField reports fields annotated with @Captor (Mockito)
  • #4004: [java] ImmutableField reports fields annotated with @GwtMock (GwtMockito) and @Spy (Mockito)
  • #4008: [java] ImmutableField not reporting fields that are only initialized in the declaration
  • #4011: [java] ImmutableField: Do not flag fields annotated with @Inject
  • #4020: [java] ImmutableField reports fields annotated with @FindBy and @FindBys (Selenium)
• java-errorprone
  • #3936: [java] AvoidFieldNameMatchingMethodName should consider enum class
  • #3937: [java] AvoidDuplicateLiterals - uncompilable test cases

API Changes

No changes.

External Contributions

• #3985: [java] Fix false negative problem about Enum in AvoidFieldNameMatchingMethodName #3936 - @Scrsloota
• #3993: [java] AvoidDuplicateLiterals - Add the method “buz” definition to test cases - @dalizi007
• #4002: [java] ImmutableField - Ignore fields annotated with @Value (Spring) or @Captor (Mockito) - @jjlharrison
• #4003: [java] UnusedPrivateField - Ignore fields annotated with @Id/@EmbeddedId/@Version (JPA) or @Mock/@Spy/@MockBean (Mockito/Spring) - @jjlharrison
• #4006: [doc] Fix eclipse plugin update site URL - @shiomiyan
• #4010: [core] Bump kotlin to version 1.7.0 - @maikelsteneker

Stats

• 45 commits
• 23 closed tickets & PRs
• Days since last release: 27

28-May-2022 - 6.46.0

The PMD team is pleased to announce PMD 6.46.0.

This is a minor release.

Table Of Contents

• New and noteworthy
  • CLI improvements
  • C# Improvements
  • New Rules
  • Deprecated Rules
• Fixed Issues
• API Changes
  • Deprecated ruleset references
  • Deprecated API
  • Internal API
• External Contributions
• Stats

New and noteworthy

CLI improvements

The PMD CLI now allows repeating the --dir (-d) and --rulesets (-R) options, as well as providing several space-separated arguments to either of them. For instance:

pmd -d src/main/java src/test/java -R rset1.xml -R rset2.xml

This also allows globs to be used on the CLI if your shell supports shell expansion. For instance, the above can be written

pmd -d src/*/java -R rset*.xml

Please use theses new forms instead of using comma-separated lists as argument to these options.

C# Improvements

When executing CPD on C# sources, the option --ignore-annotations is now supported as well. It ignores C# attributes when detecting duplicated code. This option can also be enabled via the CPD GUI. See #3974 for details.

New Rules

This release ships with 2 new Java rules.

• EmptyControlStatement reports many instances of empty things, e.g. control statements whose body is empty, as well as empty initializers.

  EmptyControlStatement also works for empty for and do loops, while there were previously no corresponding rules.

  This new rule replaces the rules EmptyFinallyBlock, EmptyIfStmt, EmptyInitializer, EmptyStatementBlock, EmptySwitchStatements, EmptySynchronizedBlock, EmptyTryBlock, and EmptyWhileStmt.

<rule ref="category/java/codestyle.xml/EmptyControlStatement"/>

The rule is part of the quickstart.xml ruleset.

• UnnecessarySemicolon reports semicolons that are unnecessary (so called “empty statements” and “empty declarations”).

  This new rule replaces the rule EmptyStatementNotInLoop.

<rule ref="category/java/codestyle.xml/UnnecessarySemicolon"/>

The rule is part of the quickstart.xml ruleset.

Deprecated Rules

• The following Java rules are deprecated and removed from the quickstart ruleset, as the new rule EmptyControlStatement merges their functionality:
  • EmptyFinallyBlock
  • EmptyIfStmt
  • EmptyInitializer
  • EmptyStatementBlock
  • EmptySwitchStatements
  • EmptySynchronizedBlock
  • EmptyTryBlock
  • EmptyWhileStmt
• The Java rule EmptyStatementNotInLoop is deprecated and removed from the quickstart ruleset. Use the new rule UnnecessarySemicolon instead.

Fixed Issues

• cli
  • #1445: [core] Allow CLI to take globs as parameters
• core
  • #2352: [core] Deprecate <lang>-<ruleset> hyphen notation for ruleset references
  • #3787: [core] Internalize some methods in Ant Formatter
  • #3835: [core] Deprecate system properties of CPDCommandLineInterface
  • #3942: [core] common-io path traversal vulnerability (CVE-2021-29425)
• cs (c#)
  • #3974: [cs] Add option to ignore C# attributes (annotations)
• go
  • #2752: [go] Error parsing unicode values
• html
  • #3955: [html] Improvements for handling text and comment nodes
  • #3978: [html] Add additional file extensions htm, xhtml, xht, shtml
• java
  • #3423: [java] Error processing identifiers with Unicode
• java-bestpractices
  • #3954: [java] NPE in UseCollectionIsEmptyRule when .size() is called in a record
• java-design
  • #3874: [java] ImmutableField reports fields annotated with @Autowired (Spring) and @Mock (Mockito)
• java-errorprone
  • #3096: [java] EmptyStatementNotInLoop FP in 6.30.0 with IfStatement
• java-performance
  • #3379: [java] UseArraysAsList must ignore primitive arrays
  • #3965: [java] UseArraysAsList false positive with non-trivial loops
• javascript
  • #2605: [js] Support unicode characters
  • #3948: [js] Invalid operator error for method property in object literal
• python
  • #2604: [python] Support unicode identifiers

API Changes

Deprecated ruleset references

Ruleset references with the following formats are now deprecated and will produce a warning when used on the CLI or in a ruleset XML file:

• <lang-name>-<ruleset-name>, eg java-basic, which resolves to rulesets/java/basic.xml
• the internal release number, eg 600, which resolves to rulesets/releases/600.xml

Use the explicit forms of these references to be compatible with PMD 7.

Deprecated API

• toString is now deprecated. The format of this method will remain the same until PMD 7. The deprecation is intended to steer users away from relying on this format, as it may be changed in PMD 7.
• getInputPaths and setInputPaths are now deprecated. A new set of methods have been added, which use lists and do not rely on comma splitting.

Internal API

Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0. You can identify them with the @InternalApi annotation. You’ll also get a deprecation warning.

• CPDCommandLineInterface has been internalized. In order to execute CPD either CPD#run or CPD#main should be used.
• Several members of BaseCPDCLITest have been deprecated with replacements.
• The methods Formatter#start, Formatter#end, Formatter#getRenderer, and Formatter#isNoOutputSupplied have been internalized.

External Contributions

• #3961: [java] Fix #3954 - NPE in UseCollectionIsEmptyRule with record - @flyhard
• #3964: [java] Fix #3874 - ImmutableField: fix mockito/spring false positives - @lukelukes
• #3974: [cs] Add option to ignore C# attributes (annotations) - @maikelsteneker

Stats

• 92 commits
• 30 closed tickets & PRs
• Days since last release: 28

30-April-2022 - 6.45.0

The PMD team is pleased to announce PMD 6.45.0.

This is a minor release.

Table Of Contents

• New and noteworthy
  • PMD User Survey
  • Support for HTML
  • New rules
  • Modified rules
• Fixed Issues
• API Changes
  • Experimental APIs
• External Contributions
• Stats

New and noteworthy

PMD User Survey

Help shape the future of PMD by telling us how you use it.

Our little survey is still open in case you didn’t participate yet. Please participate in our survey at https://forms.gle/4d8r1a1RDzfixHDc7.

Thank you!

Support for HTML

This version of PMD ships a new language module to support analyzing of HTML. Support for HTML is experimental and might change without notice. The language implementation is not complete yet and the AST doesn’t look well for text nodes and comment nodes and might be changed in the future. You can write your own rules, but we don’t guarantee that the rules work with the next (minor) version of PMD without adjustments.

Please give us feedback about how practical this new language is in discussions. Please report missing features or bugs as new issues.

New rules

• The HTML rule AvoidInlineStyles finds elements which use a style attribute. In order to help maintaining a webpage it is considered good practice to separate content and styles. Instead of inline styles one should use CSS files and classes.

    <rule ref="category/html/bestpractices.xml/AvoidInlineStyles" />

• The HTML rule UnnecessaryTypeAttribute finds “link” and “script” elements which still have a “type” attribute. This is not necessary anymore since modern browsers automatically use CSS and JavaScript.

      <rule ref="category/html/bestpractices.xml/UnnecessaryTypeAttribute" />

• The HTML rule UseAltAttributeForImages finds “img” elements without an “alt” attribute. An alternate text should always be provided in order to help screen readers.

      <rule ref="category/html/bestpractices.xml/UseAltAttributeForImages" />

Modified rules

• The Java rule UnusedPrivateField has a new property ignoredFieldNames. The default ignores serialization-specific fields (eg serialVersionUID). The property can be used to ignore more fields based on their name. Note that the rule used to ignore fields named IDENT, but doesn’t anymore (add this value to the property to restore the old behaviour).

Fixed Issues

• core
  • #3792: [core] Allow to filter violations in Report
  • #3881: [core] SARIF renderer depends on platform default encoding
  • #3882: [core] Fix AssertionError about exhaustive switch
  • #3884: [core] XML report via ant task contains XML header twice
  • #3896: [core] Fix ast-dump CLI when reading from stdin
• doc
  • #2505: [doc] Improve side bar to show release date
• java
  • #3068: [java] Some tests should not depend on real rules
  • #3889: [java] Catch LinkageError in UselessOverridingMethodRule
• java-bestpractices
  • #3910: [java] UnusedPrivateField - Allow the ignored fieldnames to be configurable
  • #1185: [java] ArrayIsStoredDirectly false positive with field access
  • #1474: [java] ArrayIsStoredDirectly false positive with method call
  • #3879 [java] ArrayIsStoredDirectly reports duplicated violation
  • #3929: [java] ArrayIsStoredDirectly should report the assignment rather than formal parameter
• java-design
  • #3603: [java] SimplifiedTernary: no violation for ‘condition ? true : false’ case
• java-performance
  • #3867: [java] UseArraysAsList with method call
• plsql
  • #3687: [plsql] Parsing exception EXECUTE IMMEDIATE l_sql BULK COLLECT INTO statement
  • #3706: [plsql] Parsing exception CURSOR statement with parenthesis groupings

API Changes

Experimental APIs

• Report has two new methods which allow limited mutations of a given report:
  • Report#filterViolations creates a new report with some violations removed with a given predicate based filter.
  • Report#union can combine two reports into a single new Report.
• net.sourceforge.pmd.util.Predicate will be replaced in PMD7 with the standard Predicate interface from java8.
• The module pmd-html is entirely experimental right now. Anything in the package net.sourceforge.pmd.lang.html should be used cautiously.

External Contributions

• #3883: [doc] Improve side bar by Adding Release Date - @jasonqiu98
• #3910: [java] UnusedPrivateField - Allow the ignored fieldnames to be configurable - @laoseth
• #3928: [plsql] Fix plsql parsing error in parenthesis groups - @LiGaOg
• #3935: [plsql] Fix parser exception in EXECUTE IMMEDIATE BULK COLLECT #3687 - @Scrsloota
• #3938: [java] Modify SimplifiedTernary to meet the missing case #3603 - @VoidxHoshi
• #3943: chore: Set permissions for GitHub actions - @naveensrinivasan

Stats

• 97 commits
• 31 closed tickets & PRs
• Days since last release: 33

27-March-2022 - 6.44.0

The PMD team is pleased to announce PMD 6.44.0.

This is a minor release.

Table Of Contents

• New and noteworthy
  • PMD User Survey
  • Java 18 Support
  • Better XML XPath support
  • New XPath functions
  • New programmatic API
• Fixed Issues
• API Changes
  • Deprecated API
  • Experimental APIs
• External Contributions
• Stats

New and noteworthy

PMD User Survey

Help shape the future of PMD by telling us how you use it.

Please participate in our survey at https://forms.gle/4d8r1a1RDzfixHDc7.

Thank you!

Java 18 Support

This release of PMD brings support for Java 18. There are no new standard language features.

PMD also supports JEP 420: Pattern Matching for switch (Second Preview) as a preview language feature. In order to analyze a project with PMD that uses these language features, you’ll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language version 18-preview:

export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 18-preview ...

Note: Support for Java 16 preview language features have been removed. The version “16-preview” is no longer available.

Better XML XPath support

The new rule class DomXPathRule is intended to replace usage of the XPathRule for XML rules. This rule executes the XPath query in a different way, which sticks to the XPath specification. This means the expression is interpreted the same way in PMD as in all other XPath development tools that stick to the standard. You can for instance test the expression in an online XPath editor.

Prefer using this class to define XPath rules: replace the value of the class attribute with net.sourceforge.pmd.lang.xml.rule.DomXPathRule like so:

<rule name="MyXPathRule"
      language="xml"
      message="A message"
      class="net.sourceforge.pmd.lang.xml.rule.DomXPathRule">

      <properties>
        <property name="xpath">
            <value><![CDATA[
            /a/b/c[@attr = "5"]
            ]]></value>
        </property>
        <!-- Note: the property "version" is ignored, remove it. The query is XPath 2. -->
      </properties>
</rule>

The rule is more powerful than XPathRule, as it can now handle XML namespaces, comments and processing instructions. Please refer to the Javadoc of DomXPathRule for information about the differences with XPathRule and examples.

XPathRule is still perfectly supported for all other languages, including Apex and Java.

New XPath functions