PMD Release Notes

30-October-2021 - 6.40.0-SNAPSHOT

The PMD team is pleased to announce PMD 6.40.0-SNAPSHOT.

This is a minor release.

New and noteworthy

New rules

• The new Apex rule EagerlyLoadedDescribeSObjectResult finds DescribeSObjectResults which could have been loaded eagerly via SObjectType.getDescribe().

    <rule ref="category/apex/performance.xml/EagerlyLoadedDescribeSObjectResult" />

Modified rules

• The Apex rule ApexUnitTestClassShouldHaveAsserts has a new property additionalAssertMethodPattern. When specified the pattern is evaluated against each invoked method name to determine whether it represents a test assertion in addition to the standard names.

• The Apex rule ApexDoc has a new property reportMissingDescription. If set to false (default is true if unspecified) doesn’t report an issue if the @description tag is missing. This is consistent with the ApexDoc dialect supported by derivatives such as SfApexDoc and also with analogous documentation tools for other languages, e.g., JavaDoc, ESDoc/JSDoc, etc.

• The Apex rule ApexCRUDViolation has a couple of new properties: These allow specification of regular-expression-based patterns for additional methods that should be considered valid for pre-CRUD authorization beyond those offered by the system Apex checks and ESAPI, e.g., sirono-common’s AuthorizationUtil class. Two new properties have been added per-CRUD operation, one to specify the naming pattern for a method that authorizes that operation and another to specify the argument passed to that method that contains the SObjectType instance of the type being authorized. Here is an example of these new properties:

  <rule ref="category/apex/security.xml/ApexCRUDViolation" message="...">
    <priority>3</priority>
    <properties>
      <property name="createAuthMethodPattern" value="AuthorizationUtil\.(is|assert)(Createable|Upsertable)"/>
      <!--
       There's one of these properties for each operation, and the default value is 0 so this is technically
       superfluous, but it's included it here for example purposes.
       -->
      <property name="createAuthMethodTypeParamIndex" value="0"/>
      <property name="readAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Accessible"/>
      <property name="updateAuthMethodPattern" value="AuthorizationUtil\.(is|assert)(Updateable|Upsertable)"/>
      <property name="deleteAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Deletable"/>
      <property name="undeleteAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Undeletable"/>
      <property name="mergeAuthMethodPattern" value="AuthorizationUtil\.(is|assert)Mergeable"/>
    </properties>
  </rule>
  

• The Apex rule EmptyStatementBlock has two new properties:

  Setting reportEmptyPrivateNoArgConstructor to false ignores empty private no-arg constructors that are commonly used in singleton pattern implementations and utility classes in support of prescribed best practices.

  Setting reportEmptyVirtualMethod to false ignores empty virtual methods that are commonly used in abstract base classes as default no-op implementations when derived classes typically only override a subset of virtual methods.

  By default, both properties are true to not change the default behaviour of this rule.

• The Apex rule OneDeclarationPerLine has a new property reportInForLoopInitializer: If set to false (default is true if unspecified) doesn’t report an issue for multiple declarations in a for loop’s initializer section. This is support the common idiom of one declaration for the loop variable and another for the loop bounds condition, e.g.,

  for (Integer i = 0, numIterations = computeNumIterations(); i < numIterations; i++) {
  }
  

Fixed Issues

• apex
  • #1089: [apex] ApexUnitTestClassShouldHaveAsserts: Test asserts in other methods not detected
  • #1090: [apex] ApexCRUDViolation: checks not detected if done in another method
  • #3532: [apex] Promote usage of consistent getDescribe() info
  • #3566: [apex] ApexDoc rule should not require “@description”
  • #3568: [apex] EmptyStatementBlock: should provide options to ignore empty private constructors and empty virtual methods
  • #3570: [apex] OneDeclarationPerLine: should provide an option to ignore multiple declarations in a for loop initializer
  • #3576: [apex] ApexCRUDViolation should provide an option to specify additional patterns for methods that encapsulate authorization checks
  • #3579: [apex] ApexCRUDViolation: false negative with undelete
• java-errorprone
  • #3560: [java] InvalidLogMessageFormat: False positive with message and exception in a block inside a lambda
• java-performance
  • #2364: [java] AddEmptyString false positive in annotation value

API Changes

External Contributions

• #3538: [apex] New rule EagerlyLoadedDescribeSObjectResult - Jonathan Wiesel
• #3549: [java] Ignore AddEmptyString rule in annotations - Stanislav Myachenkov
• #3561: [java] InvalidLogMessageFormat: False positive with message and exception in a block inside a lambda - Nicolas Filotto
• #3565: [doc] Fix resource leak due to Files.walk - lujiefsi
• #3571: [apex] Fix for #1089 - Added new configuration property additionalAssertMethodPattern to ApexUnitTestClassShouldHaveAssertsRule - Scott Wells
• #3572: [apex] Fix for #3566 - Added new configuration property reportMissingDescription to ApexDocRule - Scott Wells
• #3573: [apex] Fix for #3568 - Added new configuration properties reportEmptyPrivateNoArgConstructor and reportEmptyVirtualMethod to EmptyStatementBlock - Scott Wells
• #3575: [apex] Fix for #3570 - Added new configuration property reportInForLoopInitializer to OneDeclarationPerLine - Scott Wells
• #3577: [apex] Fix for #3576 - Added new configuration properties *AuthMethodPattern and *AuthMethodTypeParamIndex to ApexCRUDViolation rule - Scott Wells
• #3578: [apex] ApexCRUDViolation: Documentation changes for #3576 - Scott Wells