Merged
9a3ad61
WIP: S8909 implementation (incomplete after 5 attempts)
romainbrenguier Jun 23, 2026
b60c6f5
SONARJAVA-6489 Fix S8909 implementation and tests
romainbrenguier Jun 24, 2026
f5281da
SONARJAVA-6489 Add S8909 rule metadata and documentation
romainbrenguier Jun 24, 2026
84e8774
Address PR comment from gitar-bot[bot]
romainbrenguier Jun 24, 2026
47f04a7
Fix Windows CI failure
romainbrenguier Jun 24, 2026
35b482e
Update autoscan expected test results for S8909
romainbrenguier Jun 24, 2026
b1c1744
Merge branch 'master' into new-rule/SONARJAVA-6489-S8909
romainbrenguier Jun 25, 2026
841ff2a
Fix CI: Updated hardcoded count in AutoScanTest.java from 11 to 12 to…
romainbrenguier Jun 25, 2026
b83a035
Merge remote-tracking branch 'origin/master' into new-rule/SONARJAVA-…
romainbrenguier Jun 25, 2026
413d87d
Fix CI: Updated diff_S6813.json to reflect 3 additional false negativ…
romainbrenguier Jun 25, 2026
f1356d8
Address review comment from rombirli on java-checks/src/main/java/org…
romainbrenguier Jun 29, 2026
5ed3609
Address review comment from rombirli on java-checks/src/main/java/org…
romainbrenguier Jun 29, 2026
46ffe7f
Address review comment from rombirli on java-checks/src/main/java/org…
romainbrenguier Jun 29, 2026
d1273ff
Address review comment from rombirli on java-checks/src/main/java/org…
romainbrenguier Jun 29, 2026
113116d
Merge remote-tracking branch 'origin/master' into new-rule/SONARJAVA-…
romainbrenguier Jun 29, 2026
72490f1
Fix S8909 autoscan false positives
romainbrenguier Jun 29, 2026
5989e84
Add test coverage for S8909 matchesAnnotation MEMBER_SELECT branch
romainbrenguier Jun 30, 2026
793eba7
SONARJAVA-6536 Make sonar-java required for Kotlin (#5711)
petertrr Jun 29, 2026
733bc7f
AT-24 Declassify two "beta" rules: S6539 and S6548 (#5715)
asya-vorobeva Jun 29, 2026
e03b211
SONARJAVA-6542 Update rule metadata (#5717)
hashicorp-vault-sonar-prod[bot] Jun 30, 2026
0230970
CLP-85 Update notifications Slack channels (#5693)
aurelien-coet-sonarsource Jun 30, 2026
46d4ef0
SONARJAVA-6543 Fix failing SQ quality gate (#5718)
asya-vorobeva Jun 30, 2026
dcff4d1
SONARJAVA-6545 Prepare next development iteration 8.35.0 (#5720)
hashicorp-vault-sonar-prod[bot] Jun 30, 2026
0f24335
Update autoscan expected test results for S8909
romainbrenguier Jun 24, 2026
4e8989d
Improve S8909 branch coverage by simplifying unreachable code
romainbrenguier Jul 1, 2026
2 changes: 1 addition & 1 deletion .github/workflows/ToggleLockBranch.yml
Expand Up @@ -25,4 +25,4 @@ jobs:
github-token: ${{ fromJSON(steps.secrets.outputs.vault).lock_token }}
slack-token: ${{ fromJSON(steps.secrets.outputs.vault).slack_api_token }}
additional-message: ${{ github.event.inputs.additional-message }}
slack-channel: squad-jvm-notifs
slack-channel: squad-corelang-releases
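Review bot: The lock-branch messages end up in `squad-corelang-releases` although the value being replaced is a `-notifs` channel, and dogfood.yml in this same change maps `squad-jvm-notifs` to `squad-corelang-notifs`. If lock and unlock notices are meant to stay with the other notifications, the line should read `slack-channel: squad-corelang-notifs`. If the move to the releases channel is deliberate, a one-line comment above the key saying so would keep it from being "corrected" later. The rendered page has lost the +/- markers, so the old/new order is inferred from the other workflow files in the commit.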
2 changes: 1 addition & 1 deletion .github/workflows/automated-release.yml
Expand Up @@ -68,7 +68,7 @@ jobs:
create-slvscode-ticket: ${{ github.event.inputs.ide-integration == 'true' }}
branch: ${{ github.event.inputs.branch }}
pm-email: "jean.jimbo@sonarsource.com"
slack-channel: "squad-jvm-releases"
slack-channel: "squad-corelang-releases"
verbose: ${{ github.event.inputs.verbose == 'true' }}
use-jira-sandbox: ${{ github.event.inputs.dry-run == 'true' }}
is-draft-release: ${{ github.event.inputs.dry-run == 'true' }}
2 changes: 1 addition & 1 deletion .github/workflows/dogfood.yml
Expand Up @@ -41,5 +41,5 @@ jobs:
env:
SLACK_BOT_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SLACK_BOT_TOKEN }}
with:
channel-id: squad-jvm-notifs
channel-id: squad-corelang-notifs
slack-message: "Dogfood build for `${{ steps.dogfood.outputs.sha1 }}`: *failed*, see the logs at https://github.com/SonarSource/sonar-java/actions/workflows/dogfood.yml"
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
Expand Up @@ -23,6 +23,6 @@ jobs:
with:
publishToBinaries: true
mavenCentralSync: true
slackChannel: squad-jvm-releases
slackChannel: squad-corelang-releases
version: ${{ inputs.version }}
dryRun: ${{ inputs.dryRun == true }}
2 changes: 1 addition & 1 deletion check-list/pom.xml
Expand Up @@ -7,7 +7,7 @@
<parent>
<groupId>org.sonarsource.java</groupId>
<artifactId>java</artifactId>
<version>8.34.0-SNAPSHOT</version>
<version>8.35.0-SNAPSHOT</version>
</parent>

<artifactId>check-list</artifactId>
2 changes: 1 addition & 1 deletion docs/java-custom-rules-example/pom.xml
Expand Up @@ -4,7 +4,7 @@
<parent>
<groupId>org.sonarsource.java</groupId>
<artifactId>docs</artifactId>
<version>8.34.0-SNAPSHOT</version>
<version>8.35.0-SNAPSHOT</version>
</parent>


2 changes: 1 addition & 1 deletion docs/pom.xml
Expand Up @@ -5,7 +5,7 @@
<parent>
<groupId>org.sonarsource.java</groupId>
<artifactId>java</artifactId>
<version>8.34.0-SNAPSHOT</version>
<version>8.35.0-SNAPSHOT</version>
</parent>

<artifactId>docs</artifactId>
2 changes: 1 addition & 1 deletion external-reports/pom.xml
Expand Up @@ -5,7 +5,7 @@
<parent>
<groupId>org.sonarsource.java</groupId>
<artifactId>java</artifactId>
<version>8.34.0-SNAPSHOT</version>
<version>8.35.0-SNAPSHOT</version>
</parent>

<artifactId>external-reports</artifactId>
2 changes: 1 addition & 1 deletion its/autoscan/pom.xml
Expand Up @@ -6,7 +6,7 @@
<parent>
<groupId>org.sonarsource.java</groupId>
<artifactId>java-its</artifactId>
<version>8.34.0-SNAPSHOT</version>
<version>8.35.0-SNAPSHOT</version>
</parent>

<artifactId>it-java-autoscan</artifactId>
@@ -1,6 +1,6 @@
{
"ruleKey": "S6813",
"hasTruePositives": true,
"falseNegatives": 66,
"falseNegatives": 69,
"falsePositives": 0
}
}
@@ -1,5 +1,5 @@
{
"ruleKey": "S6548",
"ruleKey": "S8909",
"hasTruePositives": true,
"falseNegatives": 0,
"falsePositives": 0
2 changes: 1 addition & 1 deletion its/plugin/plugins/java-extension-plugin/pom.xml
Expand Up @@ -4,7 +4,7 @@
<parent>
<groupId>org.sonarsource.java</groupId>
<artifactId>it-java-plugin-plugins</artifactId>
<version>8.34.0-SNAPSHOT</version>
<version>8.35.0-SNAPSHOT</version>
</parent>

<artifactId>java-extension-plugin</artifactId>
2 changes: 1 addition & 1 deletion its/plugin/plugins/pom.xml
Expand Up @@ -5,7 +5,7 @@
<parent>
<groupId>org.sonarsource.java</groupId>
<artifactId>it-java-plugin</artifactId>
<version>8.34.0-SNAPSHOT</version>
<version>8.35.0-SNAPSHOT</version>
</parent>

<artifactId>it-java-plugin-plugins</artifactId>
2 changes: 1 addition & 1 deletion its/plugin/pom.xml
Expand Up @@ -5,7 +5,7 @@
<parent>
<groupId>org.sonarsource.java</groupId>
<artifactId>java-its</artifactId>
<version>8.34.0-SNAPSHOT</version>
<version>8.35.0-SNAPSHOT</version>
</parent>

<artifactId>it-java-plugin</artifactId>
2 changes: 1 addition & 1 deletion its/plugin/tests/pom.xml
Expand Up @@ -5,7 +5,7 @@
<parent>
<groupId>org.sonarsource.java</groupId>
<artifactId>it-java-plugin</artifactId>
<version>8.34.0-SNAPSHOT</version>
<version>8.35.0-SNAPSHOT</version>
</parent>

<artifactId>it-java-plugin-tests</artifactId>
2 changes: 1 addition & 1 deletion its/pom.xml
Expand Up @@ -5,7 +5,7 @@
<parent>
<groupId>org.sonarsource.java</groupId>
<artifactId>java</artifactId>
<version>8.34.0-SNAPSHOT</version>
<version>8.35.0-SNAPSHOT</version>
</parent>

<artifactId>java-its</artifactId>
2 changes: 1 addition & 1 deletion its/ruling/pom.xml
Expand Up @@ -5,7 +5,7 @@
<parent>
<groupId>org.sonarsource.java</groupId>
<artifactId>java-its</artifactId>
<version>8.34.0-SNAPSHOT</version>
<version>8.35.0-SNAPSHOT</version>
</parent>

<artifactId>it-java-ruling</artifactId>
2 changes: 1 addition & 1 deletion java-checks-aws/pom.xml
Expand Up @@ -5,7 +5,7 @@
<parent>
<groupId>org.sonarsource.java</groupId>
<artifactId>java</artifactId>
<version>8.34.0-SNAPSHOT</version>
<version>8.35.0-SNAPSHOT</version>
</parent>

<artifactId>java-checks-aws</artifactId>
2 changes: 1 addition & 1 deletion java-checks-common/pom.xml
Expand Up @@ -5,7 +5,7 @@
<parent>
<groupId>org.sonarsource.java</groupId>
<artifactId>java</artifactId>
<version>8.34.0-SNAPSHOT</version>
<version>8.35.0-SNAPSHOT</version>
</parent>

<artifactId>java-checks-common</artifactId>
2 changes: 1 addition & 1 deletion java-checks-test-sources/aws/pom.xml
Expand Up @@ -7,7 +7,7 @@
<parent>
<groupId>org.sonarsource.java</groupId>
<artifactId>java-checks-test-sources</artifactId>
<version>8.34.0-SNAPSHOT</version>
<version>8.35.0-SNAPSHOT</version>
</parent>

<artifactId>aws</artifactId>
2 changes: 1 addition & 1 deletion java-checks-test-sources/default/pom.xml
Expand Up @@ -7,7 +7,7 @@
<parent>
<groupId>org.sonarsource.java</groupId>
<artifactId>java-checks-test-sources</artifactId>
<version>8.34.0-SNAPSHOT</version>
<version>8.35.0-SNAPSHOT</version>
</parent>

<artifactId>default</artifactId>
@@ -0,0 +1,193 @@
package checks.quarkus;

import io.quarkus.cache.CacheKeyGenerator;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.context.Dependent;
import jakarta.enterprise.context.RequestScoped;
import jakarta.inject.Inject;
import java.lang.reflect.Method;

class NoncompliantBasic implements CacheKeyGenerator { // Noncompliant {{Make this class a CDI bean by adding a scope annotation, or add a public no-args constructor.}}
// ^^^^^^^^^^^^^^^^^
private final ConfigService configService;

public NoncompliantBasic(ConfigService configService) {
this.configService = configService;
}

@Override
public Object generate(Method method, Object... methodParams) {
return configService.getPrefix() + methodParams[0];
}
}

class NoncompliantMultipleDependencies implements CacheKeyGenerator { // Noncompliant
// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
private final DatabaseService dbService;
private final CacheConfig config;

public NoncompliantMultipleDependencies(DatabaseService dbService, CacheConfig config) {
this.dbService = dbService;
this.config = config;
}

@Override
public Object generate(Method method, Object... methodParams) {
return dbService.format(methodParams[0]);
}
}

class NoncompliantMultipleConstructors implements CacheKeyGenerator { // Noncompliant
// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
private final String prefix;

public NoncompliantMultipleConstructors(String prefix) {
this.prefix = prefix;
}

public NoncompliantMultipleConstructors(String prefix, int timeout) {
this.prefix = prefix;
}

@Override
public Object generate(Method method, Object... methodParams) {
return prefix + methodParams[0];
}
}

class NoncompliantPrivateConstructor implements CacheKeyGenerator { // Noncompliant
// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
private NoncompliantPrivateConstructor() {}

@Override
public Object generate(Method method, Object... methodParams) {
return methodParams[0];
}
}

@ApplicationScoped
class CompliantApplicationScoped implements CacheKeyGenerator {
@Inject
ConfigService configService;

@Override
public Object generate(Method method, Object... methodParams) {
String prefix = configService.getPrefix();
return prefix + methodParams[0];
}
}

@Dependent
class CompliantDependent implements CacheKeyGenerator {
@Inject
ConfigService configService;

@Override
public Object generate(Method method, Object... methodParams) {
return configService.getPrefix() + methodParams[0];
}
}

@RequestScoped
class CompliantRequestScoped implements CacheKeyGenerator {
@Inject
ConfigService configService;

@Override
public Object generate(Method method, Object... methodParams) {
return configService.getPrefix() + methodParams[0];
}
}

class NoncompliantPackagePrivateImplicitConstructor implements CacheKeyGenerator { // Noncompliant
// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@Override
public Object generate(Method method, Object... methodParams) {
return methodParams[0];
}
}

class CompliantExplicitNoArgsConstructor implements CacheKeyGenerator {
public CompliantExplicitNoArgsConstructor() {}

@Override
public Object generate(Method method, Object... methodParams) {
return methodParams[0];
}
}

class CompliantMultipleConstructorsWithNoArgs implements CacheKeyGenerator {
private final String prefix;

public CompliantMultipleConstructorsWithNoArgs() {
this.prefix = "default";
}

public CompliantMultipleConstructorsWithNoArgs(String prefix) {
this.prefix = prefix;
}

@Override
public Object generate(Method method, Object... methodParams) {
return prefix + methodParams[0];
}
}

@jakarta.enterprise.context.ApplicationScoped
class CompliantFullyQualifiedJakartaAnnotation implements CacheKeyGenerator {
@Override
public Object generate(Method method, Object... methodParams) {
return methodParams[0];
}
}

@javax.enterprise.context.ApplicationScoped
class CompliantFullyQualifiedJavaxAnnotation implements CacheKeyGenerator {
@Override
public Object generate(Method method, Object... methodParams) {
return methodParams[0];
}
}

abstract class CompliantAbstractClass implements CacheKeyGenerator {
}

interface CompliantInterface extends CacheKeyGenerator {
}

class AnonymousClassUser {
// Anonymous class implementing CacheKeyGenerator - covers isAnonymous check (line 72)
CacheKeyGenerator generator = new CacheKeyGenerator() {
@Override
public Object generate(Method method, Object... methodParams) {
return methodParams[0];
}
};
}

@jakarta.enterprise.context.SessionScoped
class CompliantFullyQualifiedSessionScoped implements CacheKeyGenerator {
@Override
public Object generate(Method method, Object... methodParams) {
return methodParams[0];
}
}

class NotACacheKeyGenerator {
public NotACacheKeyGenerator(String param) {}
}

class ConfigService {
public String getPrefix() {
return "prefix";
}
}

class DatabaseService {
public String format(Object obj) {
return obj.toString();
}
}

class CacheConfig {
}
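Review bot: The fixture never exercises a class whose implicit constructor is public: `NoncompliantPackagePrivateImplicitConstructor` covers only the package-private case, and every compliant no-args case (`CompliantExplicitNoArgsConstructor`, `CompliantMultipleConstructorsWithNoArgs`) declares the constructor explicitly. A `public static` nested class implementing `CacheKeyGenerator` with no declared constructor would pin that the rule stays silent there. The scope cases also stop at `ApplicationScoped`, `Dependent`, `RequestScoped` and `SessionScoped`; whether `@Singleton` should count is not decidable from this file because the check is not shown here, so a case for it (compliant or not) would document the intent. Separately, the comment in `AnonymousClassUser` cites "line 72" of the check, which goes stale on the next edit of that file; `// Anonymous CacheKeyGenerator implementations are not reported` states the expectation without a line reference.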
@@ -0,0 +1,10 @@
package io.quarkus.cache;

import java.lang.reflect.Method;

/**
* Mock-up interface for Quarkus CacheKeyGenerator for testing purposes
*/
public interface CacheKeyGenerator {
Object generate(Method method, Object... methodParams);
}
2 changes: 1 addition & 1 deletion java-checks-test-sources/java-17/pom.xml
Expand Up @@ -7,7 +7,7 @@
<parent>
<groupId>org.sonarsource.java</groupId>
<artifactId>java-checks-test-sources</artifactId>
<version>8.34.0-SNAPSHOT</version>
<version>8.35.0-SNAPSHOT</version>
</parent>

<artifactId>java-17</artifactId>