Dear Java & Python developers,
Many of you have been asking questions about S6555 for Java duplicating S2259. Many of you have raised false-positives for both Java and Python for our bug detection rules.
For a while now we have been working on a new version of our bug detection engine to increase the quality of our rules.
Today, we are releasing version 2.0 of this engine on SonarQube Cloud. It includes several advances in our detection technology to surface more pertinent issues.
You can read all about this exciting new step in our blog post on the subject, but let’s just say we are very pleased with the results at this stage.
This version should really bring more True Positives for both Java and Python for rules such as S6555, S4666, and S6649, among others. Our goal in the near term is to retire the historic rules such as java:S2259 in favor of javabugs:S6555. When that happens, we will collapse the rules into a single javabugs:S2259 to make things easier. For now, as we take the new engine through its paces, S6555 remains a standalone rule, and out of the SonarWay quality profile.
After that first step we will continue on with other rules such as S2583 & S2589.
In terms of impact, you can expect a lot of false-positives to disappear, and new issues to be raised. You will see some new false-positives, of course, as no detection technology is perfect, but overall this should be a net gain.
We also had to silence some rules for both languages, as we are still working on porting them to the new engine. Those rules will be re-established in subsequent releases.
Please let us know how the new engine performs for you, and send us your feedback!
Complete list of impacted rules:
Java:
- S6466
- S2190
- S6320 (Silenced)
- S6417 (Silenced)
- S6416
- S6322 (Silenced)
- S6555
- S6646
- S6707
- S6651
- S6780
- S6649
Python:
- S2589
- S2583
- S2259
- S2666
- S6464 (silenced)
- S3518
- S6465 (silenced)
- S6417 (silenced)
- S6899 (silenced)
- S5633 (silenced)
- S6886 (silenced)
Denis & Jean