Edit me

??-January-2021 - 6.31.0-SNAPSHOT

The PMD team is pleased to announce PMD 6.31.0-SNAPSHOT.

This is a minor release.

New and noteworthy

SARIF Format

PMD now supports the Static Analysis Results Interchange Format (SARIF) as an additional report format. Just use the command line parameter -format sarif to select it. SARIF is an OASIS standard format for static analysis tools. PMD creates SARIF JSON files in SARIF version 2.1.0. An example report can be found in the documentation in Report formats for PMD.

CPD

  • The C++ module now supports the new option --ignore-literal-sequences, which can be used to avoid detection of some uninteresting clones. This options has been introduced with PMD 6.30.0 for C# and is now available for C++ as well. See #2963.

New Rules

  • The new Apex rule OverrideBothEqualsAndHashcode brings the well known Java rule to Apex. In Apex the same principle applies: equals and hashCode should always be overridden together to ensure collection classes such as Maps and Sets work as expected.

  • The new Visualforce rule VfHtmlStyleTagXss checks for potential XSS problems when using <style> tags on Visualforce pages.

Deprecated rules

  • java-performance
    • AvoidUsingShortType: arithmetic on shorts is not significantly slower than on ints, whereas using shorts may provide significant memory savings in arrays.
    • SimplifyStartsWith: the suggested code transformation has an insignificant performance impact, and decreases readability.

Fixed Issues

  • core
    • #2953: [core] Support SARIF JSON Format
    • #2970: [core] PMD 6.30.0 release is not reproducible
    • #2994: [core] Fix code climate severity strings
  • java-bestpractices
    • #575: [java] LiteralsFirstInComparisons should consider constant fields
    • #2454: [java] UnusedPrivateMethod violation for disabled class in 6.23.0
    • #2833: [java] NPE in UseCollectionIsEmptyRule with enums
    • #2876: [java] UnusedPrivateField cannot override ignored annotations property
    • #2957: [java] Ignore unused declarations that have special name
  • java-codestyle
    • #2960: [java] Thread issue in MethodNamingConventionsRule
  • java-design
    • #3006: [java] NPE in SingularFieldRule with concise resource syntax
  • java-errorprone
    • #2976: [java] CompareObjectsWithEquals: FP with array.length
    • #2977: [java] 6.30.0 introduces new false positive in CloseResource rule?
    • #2979: [java] UseEqualsToCompareStrings: FP with “var” variables
    • #3004: [java] UseEqualsToCompareStrings false positive with PMD 6.30.0
    • #3062: [java] CloseResource FP with reassigned stream
  • java-performance
    • #2296: [java] Deprecate rule AvoidUsingShortType
    • #2740: [java] Deprecate rule SimplifyStartsWith
  • vf-security
    • #3081: [vf] VfUnescapeEl: Inherently un-XSS-able built-in functions trigger false positives

API Changes

Deprecated API

Experimental APIs

  • The method GenericToken#getKind has been added as experimental. This unifies the token interface for both JavaCC and Antlr. The already existing method AntlrToken#getKind is therefore experimental as well. The returned constant depends on the actual language and might change whenever the grammar of the language is changed.

External Contributions