From 1f662e81f7eb772148d0f831ed1f853475d69fff Mon Sep 17 00:00:00 2001 From: Andreas Dangel Date: Mon, 23 Apr 2018 21:01:11 +0200 Subject: [PATCH] Update release notes, refs #1042 - new rule --- docs/pages/release_notes.md | 15 ++++++++--- .../main/resources/rulesets/releases/630.xml | 13 +++++++++ .../main/resources/category/java/security.xml | 27 +++++++++---------- 3 files changed, 38 insertions(+), 17 deletions(-) create mode 100644 pmd-core/src/main/resources/rulesets/releases/630.xml diff --git a/docs/pages/release_notes.md b/docs/pages/release_notes.md index bbdf01016a..e022708404 100644 --- a/docs/pages/release_notes.md +++ b/docs/pages/release_notes.md @@ -15,6 +15,7 @@ This is a minor release. * [New and noteworthy](#new-and-noteworthy) * [Tree transversal revision](#tree-transversal-revision) * [Naming rules enhancements](#naming-rules-enhancements) + * [New Rules](#new-rules) * [Modified Rules](#modified-rules) * [Fixed Issues](#fixed-issues) * [API Changes](#api-changes) 
@@ -44,10 +45,17 @@ we have measured up to 10% improvements during Type Resolution, Symbol Table ana using a regex property. See the rule's documentation for more info about configuration and default conventions. +#### New Rules + +* The new Java rule [`InsecureCryptoIv`](pmd_rules_java_security.html#insecurecryptoiv) (`java-security`) + detects hard coded initialization vectors used in cryptographic operations. It is recommended to use + a randomly generated IV. + #### Modified Rules -* The Java rule `UnnecessaryConstructor` (`java-codestyle`) has been rewritten as a Java rule (previously it was - a XPath-based rule). It supports a new property `ignoredAnnotations` and ignores by default empty constructors, +* The Java rule [`UnnecessaryConstructor`](pmd_rules_java_codestyle.html#unnecessaryconstructor) (`java-codestyle`) + has been rewritten as a Java rule (previously it was a XPath-based rule). It supports a new property + `ignoredAnnotations` and ignores by default empty constructors, that are annotated with `javax.inject.Inject`. Additionally, it detects now also unnecessary private constructors in enums. 
@@ -87,5 +95,6 @@ we have measured up to 10% improvements during Type Resolution, Symbol Table ana * [#1008](https://github.com/pmd/pmd/pull/1008): \[core] DOC: fix closing tag for <pmdVersion> - [stonio](https://github.com/stonio) * [#1010](https://github.com/pmd/pmd/pull/1010): \[java] UnnecessaryConstructor triggered on required empty constructor (Dagger @Inject) - [BBG](https://github.com/djydewang) * [#1012](https://github.com/pmd/pmd/pull/1012): \[java] JUnitAssertionsShouldIncludeMessage - False positive with assertEquals and JUnit5 - [BBG](https://github.com/djydewang) -* [#1024](https://github.com/pmd/pmd/pull/1024): \[java]Issue 558: Properlogger for enums - [Utku Cuhadaroglu](https://github.com/utkuc) +* [#1024](https://github.com/pmd/pmd/pull/1024): \[java] Issue 558: Properlogger for enums - [Utku Cuhadaroglu](https://github.com/utkuc) +* [#1042](https://github.com/pmd/pmd/pull/1042): \[java] New security rule: report usage of hard coded IV in crypto operations - [Sergey Gorbaty](https://github.com/sgorbaty) diff --git a/pmd-core/src/main/resources/rulesets/releases/630.xml b/pmd-core/src/main/resources/rulesets/releases/630.xml new file mode 100644 index 0000000000..a10a05506a --- /dev/null +++ b/pmd-core/src/main/resources/rulesets/releases/630.xml @@ -0,0 +1,13 @@ + + + + +This ruleset contains links to rules that are new in PMD v6.3.0 + + + + + diff --git a/pmd-java/src/main/resources/category/java/security.xml b/pmd-java/src/main/resources/category/java/security.xml index d148f3cdee..e73df34fed 100644 --- a/pmd-java/src/main/resources/category/java/security.xml +++ b/pmd-java/src/main/resources/category/java/security.xml @@ -1,23 +1,23 @@ - + - + Rules that flag potential security flaws. - - + + Do not use hard coded initialization vector in cryptographic operations. Please use a randomly generated IV. - 3 - + 3 + - - + \ No newline at end of file
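Review bot: In the `#### New Rules` entry added to docs/pages/release_notes.md, the text tells users to prefer a randomly generated IV but not why a hard coded one is flagged. One added clause would make the finding actionable, for example that a fixed IV reused under the same key makes encryption deterministic and can leak relationships between plaintexts. In the same hunk, the rewrapped `UnnecessaryConstructor` entry still reads "The Java rule ... has been rewritten as a Java rule (previously it was a XPath-based rule)". Since the lines are being touched anyway, consider "reimplemented in Java (previously an XPath-based rule)".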
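Review bot: In the pull request list hunk of docs/pages/release_notes.md, the #1024 line gets the missing space after `\[java]` but keeps `Properlogger`. If this refers to the `ProperLogger` rule, use the rule's casing so the entry can be found by searching for the rule name.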
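Review bot: The pmd-java/src/main/resources/category/java/security.xml hunk ends with `\ No newline at end of file`, and the diffstat lists 27 changed lines in that file under a subject that only says "Update release notes". Please add the trailing newline, and either mention the ruleset change in the commit message or move it into its own commit so the rule definition's history stays readable. The rule description "Do not use hard coded initialization vector in cryptographic operations" would also read better as "Do not use a hard-coded initialization vector".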