This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.


Summary: This document provides information about changes and new features introduced in this release.

1.3.14-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 44210 | Fixes missing links in chained method calls involving implicit Lombok Getter objects and Java Methods. We now create Getter objects for methods and classes containing Lombok annotations. |
| 44425 | Fixes a missing link between Java Methods due to a bug in the type resolution of a method argument. This fix builds upon the earlier fix to Lombok Getter generation also present in this release. |
| 44299 | Fixes missing links to Java method references and also improves their processing. |
| 43411 | Fixes an access violation seen during the resolve declarations phase for two Java files. |
| 44636 | Fixes the cause of a warning "JAVA090 Class 'x.y.z.className' not found in file as expected under classpath". |
| 33826 | Fixes false violations for the rule 7502 "Never use an array to map Hibernate collection". |
| 42737 | Fixes false violations for the rule 7502 "Never use an array to map Hibernate collection". |
| 44970 | Upgrades the Struts 2.5 Environment Profile jars to the latest version. |
| 43518 | Fixes a syntax warning due to a Unicode "\u0000" used as a default value during Jar processing. |

| Callee Type | Caller Type | Details |
|---|---|---|
| Implicitly Generated Java Method | Java Method | New links will be created from Java Methods to implicitly generated Java Methods from Lombok. |
| Java Method | Java Method | The new links to Lombok methods further improve resolution of chained method calls. Another fix improved the type resolution of method arguments involving Lombok Getters, resulting in some new links. |
| Java Method Reference | Java Method | Added some missing links from Java Methods to Java Method References. |

Other Updates

Details
Adds unit testing to check that the Lombok annotation @SuperBuilder is already supported.
Found the cause of missing link to a static Java Method.
Confirms the reason for a missing link to a Java Method of a Class present in a Jar file.
Fixes a syntax warning due to a Unicode "\u0000" used as a default value during Jar processing
Fixes improperly instantiated generic methods when Type Arguments have the same class names but are from different packages.
Fixes the cause of a random JAVA044 syntax warning while processing an empty character value from a Jar.

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 7502 | FALSE | Rule 7502 "Never use an array to map Hibernate collection" is moved to JEE and implemented as a scope and property based rule. |

1.3.13-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 42117 | Fixes false positives for the rule (8108): "Avoid missing release of stream connection after an effective lifetime". |
| 42470 | Fixes an issue causing the JEE analyzer to crash with the message: "warning 'Unknown Exception'" during the "Resolving parametrization links" step. |
| 42535 | Fixes false positives for the rule (8216): "Avoid using incompatible mutation". |
| 30703 | Fixes an issue causing the warnings "Exception durring resolution of a target of method :in position line/col:0/0" and "Error in inference engine" during the "JAVA305: Computing dynamic links..." step. |
| 42470 | Fixes an issue causing the warning "Job execution Log the exception information: Unknown Exception..." during the "JAVA307: Resolving parametrization links..." step. |
| 39615 | The rule name and documentation for rule 7150 have been updated: 1) the rule name has been reverted to "Favor PreparedStatement or CallableStatement over Statement" (from "Avoid string interpolations to prevent SQL injections by using PreparedStatement or CallableStatement") and 2) the rule description text has been changed to remove the use of the word "string interpolation". |

Other Updates

Details
Fixed a regression in performance with 1.3.4-funcrel and added better exception management.

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 8108 | FALSE | Fixed false positives for rule 8108: "Avoid missing release of stream connection after an effective lifetime". |
| 8216 | FALSE | Fixed false positives for rule 8216: "Avoid using incompatible mutation". The rule Rationale, References and Remediation were also updated. |
| 7150 | FALSE | Name of the rule 7150 has been reverted to "Favor PreparedStatement or CallableStatement over Statement" from "Avoid string interpolations to prevent SQL injections by using PreparedStatement or CallableStatement". |
| 7654 | FALSE | The performance of the computation for the rule 7654: "Avoid database tables associated to more than one Hibernate Entity" has been improved. |
| 7506 | FALSE | The performance of the computation for the rule 7506: "equals() and hashCode() should be defined for Hibernate/JPA component" has been improved. |
| 7730 | FALSE | The performance of the computation for the rule 7730: "Always use declarative transaction" has been improved. |

Performance Improvements

Summary
Improved performance of code that looks up symbol matches.
Improved performance for the following rules that process XML configuration files: 7506, 7654 and 7730.
Improved performance of the GUID saver step.

1.3.12-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 32929 | Fixes a resolution issue while processing classes with filenames containing UTF-8 characters. |

Other Updates

Details
Fixes syntax warnings due to lack of support of Maps from JavaEE's Expression Language.
This change supports an updated behaviour for links from Java to SQL in new Python extensions. Extensions can now choose to disable links normally created by grep or the Inference Engine.

Performance Improvements

Summary
Improved the performance of an SQL procedure "DIAG_CHILDHOOD_PERSISTENT" used for the computation of Quality Rule violations.

1.3.11-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 38165 | Fixed false positives for the rule (8104): "Avoid missing release of SQL connection after an effective lifetime (JEE)". |
| 32928 | Fixed the incorrect resolution of generic methods type. Links will now be updated/resolved to correct symbols. |
| 32600 | Fixed false violations for rule (7446): "Avoid double checked locking for JSE 4.x and previous version". |
| 28903 | Documentation updated for rule (7964): "Avoid directly instantiating a Class used as a managed bean". |
| 40343 | Fixed a crash issue which occurred due to apostrophes used in a project name. |
| 37751 | Fixed false violations for rule (8104): "Avoid missing release of SQL connection after an effective lifetime (JEE)". |
| 40894 | Fixed an analysis crash issue with an unknown exception, which occurred during GUID computation. |
| 40780 | Fixed an access violation seen while processing an XML configuration file. |
| 39753 | Fixed false positives for the rule (8108): "Avoid missing release of stream connection after an effective lifetime". |
| 40777 | Fixed false positives for the rule (8104): "Avoid missing release of SQL connection after an effective lifetime (JEE)". |
| 33674 | Fixed false positives for the rule (8104): "Avoid missing release of SQL connection after an effective lifetime (JEE)". |
| 38101 | Fixed Spring Batch Job objects being invalidly created in JEE. |
| 33238 | Fixed the cause of syntax warnings for some methods called 'record', and some cases of nested type arguments. |
| 40976 | Fixed an access violation seen while processing an XML configuration file. |

| Callee Type | Caller Type | Details |
|---|---|---|
| Generic Method Type | Generic Method | Type of generic methods are being resolved. |

Other Updates

Details
Rule 7192 is moved to JEE and implemented as a scope and property based rule.
Fixed an unknown exception observed in JEE due to a usage of Java Type Parameter.
Fixed Java analysis warnings seen in the Metric Assistant log.
Fixed Java analysis warnings seen in the Metric Assistant log.
Rule 4612 is moved to the JEE Analyzer.
Rule 4600 is moved to JEE and implemented as a scope and property based rule.
Added support for variable access in try-with-resource.

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 7446 | FALSE | False violations for rule "Avoid double checked locking for JSE 4.x and previous version" are fixed. The documentation under remediation, remediation samples & references has also been updated. |
| 7192 | FALSE | Rule 7192 "Avoid using Struts Form that cannot extend Validator Class" is moved to JEE and implemented as a scope and property based rule. |
| 7964 | FALSE | Updated the documentation with correct scope. |
| 8104 | FALSE | Removed false violations for the rule "Avoid missing release of SQL connection after an effective lifetime (JEE)". |
| 8108 | FALSE | Removed false violations for the rule "Avoid missing release of stream connection after an effective lifetime". |
| 4612 | FALSE | Rule 4612 "Avoid using native Methods (JNI)" is moved to the JEE Analyzer. |
| 4600 | FALSE | Rule 4600 "Avoid using Exit and Halt Methods on a Web/Application Server" is moved to JEE and implemented as a scope and property based rule. |

1.3.10-funcrel

Note

The snapshot fails using the version 1.3.9-funcrel due to a SQL error in the scope of the rule: 'Hibernate-provided implementations from third parties should be used for connection pool'

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 37255 | Fixed unresolved type. |
| 38216 | Fixes an issue where syntax is not recognized while passing resources to a try block. |
| 39797 | Fixes an issue causing a snapshot to fail with the error: missing FROM-clause entry for table "odd". |
| 38346 | Fixed an access violation seen in some cases of Switch Statements or Expressions. |
| 37371 | Fixed an access violation seen in some cases of Switch Statements or Expressions. |
| 39033 | Fixed an exception seen while parsing some Annotation parameters. |
| 38594 | Fixed an exception encountered while processing some "Type Arguments" in Lambda Expressions. |
| 38434 | Fixed an exception encountered while processing some "Type Arguments" in Lambda Expressions. |
| 38175 | Fixed the incomplete resolution of Lambda parameters. New links would now be created for these resolved symbols. |
| 33723 | Fixed a false positive for the rule (8108): "Avoid missing release of stream connection after an effective lifetime". |
| 35133 | Fixed false positives for the rule (8104): "Avoid missing release of SQL connection after an effective lifetime (JEE)". |
| 35134 | Fixed an issue that caused a missing violation for the rule (8108): "Avoid missing release of stream connection after an effective lifetime". |
| 37019 | Fixed false violations for the rule (7728): "Avoid thread creation for application running on application server" that were seen in a Spring Boot application (non-EJB). |
| 38584 | Fixed a false violation on rule 8214: "Avoid operating on resource after expiration or release". |

| Callee Type | Caller Type | Details |
|---|---|---|
| Java Parameter | Java Lambda Expression | New links from Lambdas to previously unresolved types may be observed. |

Other Updates

Details
Internal procedures used in quality rules have been updated to follow ANSI notation.
Fixed an exception seen while computing a snapshot for the rule (7702): "Hibernate-provided implementations from third parties should be used for connection pool".
Fixed multiple exceptions seen while analyzing a CAST application.
Fixed multiple exceptions seen while analyzing an external application.
Fixed duplicated internal set definitions used for quality rule scopes.
Fixed an internal procedure that was using a cartesian product.

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 7442 | FALSE | Rule name has been updated to "Avoid to use keyword 'this' within Constructor in multi-thread environment". |
| 7728 | FALSE | Fixed false violations for the rule "Avoid thread creation for application running on application server", caused by the presence of Servlets without EJBs. The documentation on the rule output and total population have also been updated. |
| 8108 | FALSE | Fixed cases of false positives and a missing violation for the rule: "Avoid missing release of stream connection after an effective lifetime". |
| 8104 | FALSE | Fixed false positives for the rule: "Avoid missing release of SQL connection after an effective lifetime (JEE)". |

1.3.9-funcrel

Note

This extension has been withdrawn. All fixes and updates are present in 1.3.10-funcrel.

1.3.8-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 36886 | Enabled a warning indicating syntax errors in JSP files. |
| 37115 | Enabled a warning indicating syntax errors in JSP files. |
| 37273 | Fixed some missing accessExec links to implementation classes when an exact match is found. |
| 36326 | Fixed an issue with exception handling with plugins that caused the Java analysis to fail. |
| 37448 | Fixed a missing call to method Lambda. |
| 32587 | Fixed the missing link from JPA Entity to referenced table. |
| 33682 | Fixed a false positive for the rule (7442): "Avoid to use this within Constructor in multi-thread environment". False positives were found while using the keyword "this" in a Method Reference. |

| Callee Type | Caller Type | Details |
|---|---|---|
| Table | JPA Entity | Fixed missing links in the case that annotation @Table is not used. |
| Java Method | Java Method or Generic Method | Added some missing accessExec links from callee Java methods to called Java methods in implementation classes. |
| Java Class | Java Lambda Expression | Fixed some incorrect relyOn links. |
| Java Method | Java Lambda Expression | Fixed some missing accessExec links. |

Other Updates

Details
An improvement has been implemented to ensure that method signatures are normalized (removing whitespace) correctly throughout the entire analyzer.
Fixed the false links from Java Lambda Expression.
Fixed a syntax error being seen for casting with additional bounds.
Fixed exceptions seen with inferred types of some Lambda parameters.

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 7442 | FALSE | Fixed a false positive for the rule: "Avoid to use this within Constructor in multi-thread environment". False positives were found while using the keyword "this" in a Method Reference. |

New Support

| Summary | Details |
|---|---|
| Add support for Java 16, 17 and 18 | This release of JEE supports analysis of Java 16, 17 and 18 sources. Standardized features such as Records, Pattern matching and Sealed Classes are supported. |

1.3.7-funcrel

Note

This release also includes the latest bug fixes from JEE's LTS release

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 35679 | Fixed an exception that prevented saving of analysis results. |
| 36060 | Fixed an exception that prevented saving of analysis results. |
| 32789 | Fixed an exception that prevented saving of analysis results. |
| 36132 | Documentation updated for the rule (7254): "Declare as Static all methods not using instance members". |
| 32938 | Fixed a bookmark issue on JSP files for the rule "Avoid using deprecated method, constructor, field, type or package". |
| 32248 | With this fix, JEE will always attempt to select the latest version, when multiple versions of the same JAR are referenced from a Maven repository. |

| Callee Type | Caller Type | Details |
|---|---|---|
| JEE objects | SQL synonyms | An invalid link type created was corrected. |

Other Updates

Details
JEE Support for Java 14
JEE Support for Java 15
Fixed an exception that prevented saving of analysis results.
Fixed an invalid link type between JEE objects and SQL synonyms.
Corrected the procedure calculating the total value for the QR "Struts1: Avoid implementing Action Classes inheriting directly from Struts Action"
Fixed an issue with some Deprecated APIs from the Environment Profile for Java not being correctly marked. The issue occurred only where methods had the Deprecated annotation along with additional parameters like 'since' or 'forRemoval'. There may be additional violations seen for rules affected by the use of this annotation.

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 7254 | FALSE | Rule Description and References are updated to reflect that Spring Bean methods are excluded for the rule (7254): "Declare as Static all methods not using instance members". |
| 7242 | FALSE | Total procedure corrected for the rule (7242): "Struts1: Avoid implementing Action Classes inheriting directly from Struts Action". |
| 8220 | FALSE | Fixed two issues for the rule (8220): "Avoid using deprecated method, constructor, field, type or package". A bookmark issue was fixed where the rule incorrectly bookmarked an entire JSP file instead of the specific deprecated API usage within the file. The second fix was for methods marked with the Deprecated annotation and having parameters like 'since' or 'forRemoval' that were not processed correctly by the Analyzer. The number of violations for this rule may increase. |

New Support

| Summary | Details |
|---|---|
| Add support for Java 14 & 15 | This release of JEE now supports analysis of Java 14 and 15 sources. Standardized features such as switch-expression and text blocks are supported. |

1.3.6-funcrel

Note

This release upgrades the Log4j inside JEE's Environment Profile to version 2.17.1

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 32611 | Fixed a false positive for the rule "Avoid hard-coded network resource names (JEE)". |
| 33758 | Fixed false positives for the rule "Declare as Static all methods not using instance members". |
| 33859 | The total procedure for the rule "'super.finalize()' should be invoked when overriding finalize() method" has been upgraded and now has lower execution time. |
| 32641 | Removed false positives for the rule "Avoid testing floating point numbers for equality". |
| 30819 | Fixed the cause of the unexpected warning. No impact on the analysis results due to the warning. |
| 33165 | Fixed an unknown exception due to an issue with the stacking context. |
| 21349 | Fixed syntax errors seen in cases of annotations used within Fully Qualified Names and Method Headers. |
| 32602 | Fixed the initialization of plugins within the component. |
| 33533 | Fixed the cause of the unexpected warning. No impact on the analysis results due to the warning. |
| 33242 | Fixed total check 0 for the rule "Avoid non serializable Entity beans". |

Other Updates

Details
The version of Log4j used in JEE's Environment Profile has been updated to 2.17.1
This fix enables the separation of the analysis task from the saving task.

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 8102 | FALSE | Fixed a false positive for the rule "Avoid hard-coded network resource names (JEE)". |
| 4616 | FALSE | Improved the execution time of the total procedure for the Quality Rule "'super.finalize()' should be invoked when overriding finalize() method". |
| 8096 | FALSE | Removed false positives for the rule "Avoid testing floating point numbers for equality". |
| 7954 | FALSE | Quality rule "Avoid indirect String concatenation inside loops" is now a critical rule. |
| 7254 | FALSE | Fixed false positives on Lombok UtilityClass annotated classes and on methods with the Bean annotation for the rule "Declare as Static all methods not using instance members". The rule has now been moved to the JEE Analyzer. In some cases, previously missing violations may be added. |
| 7710 | FALSE | Fixed the total procedure causing zero counts for the rule "Avoid non serializable Entity beans". |

1.3.5-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 31774 | Fixed a crash seen during regex operation. |
| 30891 | Fixed some false positives for the QR "Provide a private default Constructor for utility Classes". |
| 32113 | Fixed syntax warnings observed for some java.net.* classes. |

Other Updates

Details
Fixed a migration procedure returning null values in non-JEE analysis.
Addressed issues identified during the review of QRs 7710 and 7416.

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 7710 | FALSE | Corrected scope of QR "Avoid non serializable Entity beans" to all Persistent Entities (JPA & Hibernate). |
| 7416 | FALSE | Rule "Struts1: Avoid Action Form Field without Validator" is moved to Scope & Property. Output of the rule is now fields in the case of Dynamic Form Beans and setters for Concrete Form Beans. Rule scope is also corrected - previous scope caused some repeated violations. False positives reported on non-Struts Forms were fixed. |
| 7256 | FALSE | Fixed false positives due to Lombok annotations for the QR "Provide a private default Constructor for utility Classes". |

1.3.4-funcrel

Note

This release contains a fix that improves method and constructor resolution. The following changes may be observed due to this fix:

  • Increase in the total number of links and properties.
  • Better resolution of methods and constructors that were previously not being resolved.
  • Increased violations due to additionally resolved methods and constructors.

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 28490 | Fixed missing links from service to DAO layers due to unresolved lombok getter/setter. |
| 30120 | Fixed issue with negative compliance in dashboard for QR "Never use an array to map Hibernate collection". |
| 31296 | A fix was made for an exception encountered while parsing a thrown exception. |
| 30173 | Fixed total check for the QR "Lazy fetching should be used for Hibernate collection". |
| 30927 | Fixed an exception that occurred due to incorrectly initialized Type Arguments. |
| 25927 | Fixed missing links between java methods called by abstraction. |
| 27108 | Fixed many false positives on private methods for the Quality Rules 4670, 4672 & 4674. |

Other Updates

Details
A fix has been made in parametrization for JSP files.
Fixed an exception during snapshot for the QR "Struts1: Avoid Struts Fields in Action Classes that are not final static".

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 7502 | FALSE | Fixed negative compliance observed for QR "Never use an array to map Hibernate collection". |
| 7488 | FALSE | Fixed total check for the QR "Lazy fetching should be used for Hibernate collection". |
| 4616 | FALSE | Detail procedure has been corrected to include Java Generic Methods for the QR "'super.finalize()' should be invoked when overriding finalize() method". |
| 7444 | FALSE | Fixed total procedure to ensure correct scope for the QR "Avoid Using Non-Serialized Beans with Session Scope". |
| 7154 | FALSE | Fixed total value less than detail for the QR "Struts1: Avoid Struts Fields in Action Classes that are not final static". |
| 4670 | FALSE | Removed false violations on private methods for QR 4670 "Public Methods must have JavaDoc comments". |
| 4672 | FALSE | Removed false violations on private methods for QR 4672 "Public Methods must have appropriate JavaDoc @param tags". |
| 4674 | FALSE | Removed false violations on private methods for QR 4674 "Public Methods must have appropriate JavaDoc @return tags". |

1.3.3-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 28504 | Fixed a crash observed during resolution of a type parameter used in a Java Generic type. |
| 28256 | Fixed false positives for the QR: "Avoid directly instantiating a Class used as a managed bean". |
| 28437 | False positives from the usage of @Lob have been removed. |
| 28567 | The source code position for violations is now being set for JPA Entity properties. |
| 28448 | Fixed false positives for the QR: "Avoid directly instantiating a Class used as a managed bean". |

Other Updates

Details
Confirmation of fix in 1.3.x for removal of GUID duplicate warnings for WSDL files.

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 7964 | FALSE | Removed false positives and updated rule samples. |

1.3.2-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 27039 | False positive for the rule (rule id: 7494), “Persistent class method's equals() and hashCode() must access its fields through getter methods” is fixed. |

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 7494 | FALSE | Fixed false positives due to Lombok EqualsAndHashCode and Data. |
| 7506 | FALSE | Fixed false positives due to Lombok EqualsAndHashCode and Data. |
| 7434 | FALSE | False positives removed for the QR: "Ensure to override both equals() and hashCode()". |
| 7238 | FALSE | Fixed false positives for the rule "Avoid calls between JSP Page for application using Struts framework". |
| 7388 | FALSE | False violation removed for the QR: "Avoid artifacts having recursive call" violating XML file. |

1.3.1-funcrel

Note

JEE 1.3.1-funcrel has dependency on CAST AIP Internal Extension 0.9.0 LTS (the installation of internal platform 0.9.0 will be automatic).

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 22290 | Fix for GUID changing between snapshots for AUs with mixed Java versions; GUID instability due to random jar usage and GUID instability with objects from Environment Profile vs classpath. Method GUID has been updated to use Short Names instead of Fully Qualified Names in parameters. |

| Callee Type | Caller Type | Details |
|---|---|---|
| JPA Entity | Java Method | Missing 'Use Insert', 'Use Delete' and 'Use Select' links have been fixed. An increment in these types of links might be expected. |

Other Updates

Details
GUID implementation now uses Short Names instead of Fully Qualified Names for Method Parameters

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 8102 | FALSE | Fixed false positives and improved bookmarks for the rule: Avoid hardcoded network resource names (JEE). |
| 7202 | FALSE | False positives for Rule "Check usage of '==' and '!=' on objects" have been removed. |

1.3.0-funcrel

Note

The rule improvement made in this release of the extension will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 7722 | FALSE | Avoid using persistent class's identifier in equals() method. Incorrect bookmarks fixed and support for getters added. |
| 8040 | FALSE | Struts 2: Avoid Action Fields without Validation. False violations removed. |
| 4610 | FALSE | Avoid using anonymous Classes. The scope has been changed. |

1.3.0-beta3

Note

The rule improvement made in this release of the extension will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 24663 | Fix for invalid parsing errors due to presence of attributes without values in nodes in a JSP file. The change may result in more JSP objects along with links associated with them. |
| 25724 | Fix for an event invocation for extensions depending on JEE. The fix may result in more configuration file objects and links associated to them. |

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 7134 | FALSE | [DEPRECATED] Avoid having Struts local forward with same name as Struts global forward |
| 7488 | FALSE | Lazy fetching should be used for Hibernate collection. Additional information of fully qualified name of the field associated with the violating JPA entity property added. |
| 4722 | FALSE | [DEPRECATED] Avoid having classes referencing Database objects |
| 4606 | FALSE | Avoid using 'sun.*' Classes. Removed 'com.sun.*' from implementation as some packages like 'com.sun.jersey' are actively used. Changed the name, description, rationale and remediation. |
| 7710 | FALSE | Avoid non serializable Entity beans. Made Implementation Changes to remove false violations. |
| 4708 | FALSE | Avoid using Dynamic Instantiation. Made Implementation changes to remove false positives and wrong bookmark. |

1.3.0-beta2

Note

This release of the extension contains a large number of rule related improvements, which will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. In addition, rules marked as [DEPRECATED] in the list below will not be triggered during any new analysis actioned with this release nor any future release of the extension - this may also impact the grades of your existing analysis results. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented. Lastly, this extension should not be used with AIP Core 8.3.24, 25, and 26 due to erroneous results - any previous or newer release of AIP Core should be used instead.

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 7292 | FALSE | Avoid cyclical calls and inheritances between packages. Sample, Remediation Sample and Reference Added. Decreased Weight and Threshold and made a non-critical rule. |
| 8214 | FALSE | Avoid operating on resource after expiration or release. Scope and configuration changed. |
| 4572 | FALSE | [DEPRECATED] Avoid declaring Final Instance Variables that are not initialized. |
| 4568 | FALSE | [DEPRECATED] Avoid declaring Public Instance Variables. |
| 4566 | FALSE | [DEPRECATED] Avoid declaring Instance Variables without defined access type. |
| 7306 | FALSE | [DEPRECATED] Avoid declaring Inner Classes. |
| 7308 | FALSE | [DEPRECATED] Avoid using Inner Classes. |
| 4614 | FALSE | [DEPRECATED] Proper overriding of 'clone()'. |
| 4560 | FALSE | Avoid large Interfaces - too many Methods (JEE). Improved Rationale. |
| 4558 | FALSE | Avoid large Classes - too many Fields. Improved Rationale. |
| 4556 | FALSE | Avoid large Classes - too many Constructors (JEE). Improved Rationale. |
| 8218 | FALSE | [DEPRECATED] Content type should be checked when receiving a HTTP Post. |
| 2258 | FALSE | [DEPRECATED] All image files should be in a specific directory. |
| 4616 | FALSE | 'super.finalize()' should be invoked when overriding finalize() method. Name, Description, Rationale, Sample and Remediation Sample Improved. Scope Changed. |
| 4656 | FALSE | Avoid declaring an exception in the method signature and not throwing it. Name, Description, Remediation and Reference Improved. Scope Changed. |
| 4740 | FALSE | Field naming convention - case control. Rationale Improved. |
| 4738 | FALSE | Constant naming convention - case control (JEE). Rationale improved. Configuration changed. |
| 4736 | FALSE | Method naming convention - case control (JEE). Rationale improved. |
| 4734 | FALSE | Class naming convention - case control (JEE). Rationale improved. |
| 4732 | FALSE | Interface naming convention - case control. Rationale Improved. |
| 4730 | FALSE | Package naming convention - case control. Rationale Improved. |
| 4680 | FALSE | Public Fields must have JavaDoc Comments. Name, Description, Reference, Sample and Remediation Sample Improved. Scope changed. |
| 7238 | FALSE | Avoid calls between JSP Page for application using Struts framework. Improved rule name. |
| 8220 | FALSE | Avoid using deprecated method, constructor, field, type or package. Description, Reference, Sample and Remediation Sample Improved. Rule is updated to be a Non Critical Rule. |
| 8136 | FALSE | CDI Beans with normal scope must be proxyable to avoid runtime errors. Name updated to be precise with the rule. Scope and configuration changed. |
| 8100 | FALSE | Blocking synchronous calls should have associated timeouts. Description and Reference Improved. Added Sample, Remediation and Remediation Sample. Lowered the Threshold. Scope changed. |
| 8016 | FALSE | Avoid unrestricted access to EJB remote methods. Name, Description, Rationale, Reference, Sample, Remediation and Remediation Sample changed. False violations have been removed. |
| 8040 | FALSE | Struts 2: Avoid Action Fields without Validation. Name, Description and Reference changed. False violations have been removed. |
| 7634 | FALSE | Avoid Hibernate Entity with 'select-before-update' set to true if not associated to table that fires an UPDATE trigger. Name, Description and Reference changed. |
| 7202 | FALSE | Avoid using '==' and '!=' to compare objects. Name, Description, Rationale, Reference, Remediation and Remediation Sample Improved. Missing violation fixed. |
| 7732 | FALSE | Avoid non validated inputs in JSP files that use JSF. Documentation Change. Name, Description, Rationale and Reference Improved. Missing violation fixed. |
| 7910 | FALSE | Never exit a finally block with a return, break, continue, or throw statements. Name, Description, Sample and Remediation Sample Improved. |
| 7940 | FALSE | Avoid accumulating Stateful Beans. Name, Description, Rationale, Sample, Remediation and Remediation Sample Improved. Fixed false violations. |
| 7962 | FALSE | Avoid direct or indirect remote calls inside a loop. Description, Rationale, Reference, Sample and Remediation Sample Improved. |
| 7362 | FALSE | [DEPRECATED] Avoid Struts action mappings validator turned off. |
| 7382 | FALSE | Struts1: Avoid Struts Validator field without Form Field. Name, Description and Rationale Improved. |
| 7372 | FALSE | Struts 1: Enable Struts Validator plugin. Name and Description changed. Added Sample. |
| 7380 | FALSE | Struts 1: Avoid unused validation form. Name, Description and Rationale changed. Increased the Threshold. |
| 7488 | FALSE | Lazy fetching should be used for Hibernate collection. Name, Description, Rationale, Reference, Remediation, Sample and Remediation Sample changed. Missing violation fixed. |
| 7192 | FALSE | Avoid using Struts Form that cannot extend Validator Class. Name, Description, Reference, Sample and Remediation Sample changed. Threshold Increased. |
| 7254 | FALSE | Declare as Static all methods not using instance members. Name and Description changed. Added Reference. |
| 7416 | FALSE | Struts1: Avoid Action Form Field without Validator. Name, Description and Reference changed. |
| 7154 | FALSE | Struts1: Avoid Struts Fields in Action Classes that are not final static. Name, Description, Rationale and Reference changed. Scope changed. Incorrect Bookmark fixed. |
| 7494 | FALSE | Persistent class method's equals() and hashCode() must access its fields through getter methods. Name and Description changed. Missing violation fixed. |
| 7140 | FALSE | Struts Action artifacts should not directly call a JSP page. Name, Description and Rationale changed. Changed it to Non Critical Rule since it is just a programming practice. Missing violations have been fixed. |
| 7434 | FALSE | Ensure to override both equals() and hashCode(). Name, Description, Reference and Remediation changed. |
| 7440 | FALSE | Avoid having suspicious similar method names or signatures in an inheritance tree. Name, Description and Remediation changed. Scope changed. |
| 7438 | FALSE | Avoid non thread safe singleton. Description, Rationale, Reference, Remediation, Sample and Remediation Sample changed. False Violations removed. |
| 7502 | FALSE | Never use an array to map Hibernate collection. Name, Description and Rationale changed. Missing Violations fixed. |
7132FALSE[DEPRECATED] Struts action Mappings should have few forwards.
7136FALSE[DEPRECATED] Each method in an Action Class should have a small complexity.
7510FALSE[DEPRECATED] Use only Hibernate API to access to the database.
7676FALSE[DEPRECATED] Avoid too many packages referencing Mainframe.
7138FALSE[DEPRECATED] Action Classes should only be called by Action Mappings tag (for Struts 1.x) or Action tag (for Struts 2.x).
4696FALSE[DEPRECATED] Avoid using 'System.err' and 'System.out' within a try catch block.
2284FALSE[DEPRECATED] Avoid large JSP Pages - too many Scriptlets.
2236FALSE[DEPRECATED] Avoid use of standard SQL API.
2282FALSE[DEPRECATED] Avoid large Include Files.
4698FALSE[DEPRECATED] Avoid using 'System.err' and 'System.out' outside a try catch block.
4574FALSE[DEPRECATED] Avoid using deprecated objects.
2278FALSE[DEPRECATED] Check the use of "foreach" custom tag library.
2244FALSE[DEPRECATED] Avoid undocumented Web Server Pages.
2242FALSE[DEPRECATED] Avoid direct definition of JavaScript Functions in a Web page (JEE).
2248FALSE[DEPRECATED] Avoid Web Server pages having a very low Comment/Code ratio.
2280FALSE[DEPRECATED] Avoid using Document.all collection.
2264FALSE[DEPRECATED] All page files should be in a specific directory.
8104FALSEAvoid missing release of SQL connection after an effective lifetime (JEE). Name, Description, Rationale and Reference changed. Threshold has been increased.
7144FALSE[DEPRECATED] Avoid using database objects from Struts Action Artifacts.
7936FALSE[DEPRECATED] Avoid using finalize().
7508FALSEGetter of collection-typed persistent attributes should return the correct interface type. Name, Description and Reference changed.
7150FALSE[DEPRECATED] Avoid string interpolations to prevent SQL injections by using PreparedStatement or CallableStatement.
7146FALSEAlways have JSP pages referencing Java Objects associated to JEE Scoped Bean. Name, Description and Reference changed Sample and Remediation Sample has been added.
4674FALSEPublic Methods must have appropriate JavaDoc @return tags. Name Changed. Reference, Sample, Remediation and Remediation Sample has been added.
4618FALSEAvoid instantiating a Boolean object. Name, Description and Rationale changed Reference, Sample and Remediation Sample has been added
4716FALSEAvoid Classes implementing too many Interfaces (JEE). Description changed Rationale, Sample and Remediation Sample has been added
7134FALSEStruts1: Avoid having Struts local forward with same name as Struts global forward. Name, Description and Output changed Rationale, Sample, Remediation and Remediation Sample has been added.
4704FALSEAvoid using Vector. Description, Rationale and Remediation changed Reference, Sample and Remediation Sample has been added
4670FALSEPublic Methods must have JavaDoc comments. Name, Description and Output changed Reference, Sample, Remediation and Remediation Sample has been added. Scope changed.
7640FALSEAvoid using catch blocks with assertion. Name, Description and Rationale changed Reference has been added.
7648FALSEAvoid an explicit call to finalize(). Name, Description and Rationale, Reference and Remediation changed. Scope changed. Weight Increased.
7702FALSEHibernate-provided implementations from third parties should be used for connection pool. Name, Description, Rationale, Reference and Remediation changed
7700FALSEStruts1: Only Struts HTTP Servlet should be used for Struts based application. Name, Description and Remediation changed. Remediation Sample added.
7712FALSEAvoid public/protected setter for the generated identifier field. Description and Remediation changed.
7720FALSE[DEPRECATED] Avoid too many EJB beans.
7726FALSEAvoid Struts Action Classes that call packages having direct access to database. Name, Description, Rationale and Output changed. Sample and Remediation Sample added. Scope changed.
7942FALSEAvoid EJBs using 'synchronized' qualifier, 'wait', 'notify' and 'notifyAll' Methods. Description and Rationale changed. Reference, Sample and Remediation Sample added.
7964FALSEAvoid directly instantiating a Class used as a managed bean. Description changed. Removed false violations and fixed missing violations.
7954FALSEAvoid indirect String concatenation inside loops. Description, Rationale, Reference, Sample and Remediation Sample changed
7506FALSEequals() and hashCode() should be defined for Hibernate/JPA component. Name,Description and Rationale changed. Missing violation fixed.
7190FALSEStruts1: Validate() Method of Struts Validator form must call super.validate(). Name, Description, Rationale, Reference and Sample changed Threshold value Increased. Changed to a Critical Rule since it impacts Security.
7152FALSEAvoid Fields in Servlet Classes that are not final static. Description, Rationale and Reference changed Sample and Remediation Sample added.
7252FALSECall 'super.finalize ()' in the "finally" block of 'finalize ()' methods.Description, Rationale and Reference improved.
4706FALSEAvoid using Hashtable. Description, Rationale and Remediation changed Reference, Sample and Remediation Sample added
2266FALSE[DEPRECATED] Avoid non standard file extensions (JEE)
7220FALSE[DEPRECATED] Avoid Unused Imports
7188FALSE[DEPRECATED] Private fields must have JavaDoc Comments
2254FALSE[DEPRECATED] Avoid large Page files (JEE)
7142FALSE[DEPRECATED] Action Classes should have only one public method
2260FALSE[DEPRECATED] All script files should be in a specific directory
4668FALSE[DEPRECATED] Classes and Interfaces must have JavaDoc @author tag
4678FALSE[DEPRECATED] Public Methods must have appropriate JavaDoc @exception tags
4676FALSEPublic Methods must have appropriate JavaDoc @throws/@exception tags. Name, Description, Rationale and output changed Reference, Sample, Remediation and Remediation Sample added. Missing violation fixed
4694FALSEAvoid using 'System.gc' and 'Runtime.gc'. Name, Description, Rationale Improved. Reference, Sample, Remediation and Remediation Sample added. Threshold Value Increased and changed it to a critical rule. Missing violation fixed
4672FALSEPublic Methods must have appropriate JavaDoc @param tags. Name, Description, Rationale changed Reference, Sample and Remediation Sample added
4718FALSEAvoid having package without enough Classes/Interfaces. Remediation added
1022000FALSE[DEPRECATED] Avoid weak encryption algorithm as DES and triple DES
4666FALSEClasses and Interfaces must have JavaDoc Comments. Description Changed. Reference, Sample, Remediation, Remediation Sample added.
7708FALSEAvoid using session.setFlushMode(FlushMode.COMMIT, FlushMode.NEVER or FlushMode.MANUAL). Rationale and Reference improved. Sample and Remediation Sample added.
7240FALSE[DEPRECATED] Struts Action Classes should only call Business Classes
4596FALSEAvoid using 'java.lang.System.getenv()'. Description Changed. Sample and Reference added.
7682FALSEAvoid having Hibernate domain model depending on other Java APIs. Name and Description Changed. Remediation Sample added.
7734FALSEAvoid using debug() method without calling isDebugEnabled() method. Name,Description, Reference Sample, Remediation Sample and Scope Changed.
7722FALSEAvoid using persistent class's identifier in equals() method. Name,Description, Rationale,Reference, Remediation, Output and Scope Changed. Missing violation fixed.
7638FALSEAvoid directly managing the connection to the database by using DriverManager. Name,Description, Rationale,Reference, Sample, Remediation Sample and Remediation, Output and Scope changed. Threshold Increased. Changed it to a critical rule.
7728FALSEAvoid thread creation for application running on application server. Description, Reference, Grade Impact Changed. Threshold Increased. Changed it to a critical rule.
7956FALSE[DEPRECATED] Avoid indirect exception handling inside loops
7206FALSEAvoid the use of Instanceof inside loops. Name,Description, Rationale,Reference,Remediation Sample and Remediation Changed. Scope Changed
7562FALSEAvoid static Field of type collection. Description, Rationale,Reference,Sample and Remediation Sample Changed. Removed False Violation.
7256FALSEProvide a private default Constructor for utility Classes. Name, Description, and Reference Changed.
7496FALSEUse table-per-subclass strategy when subclasses have many properties. Description, Rationale, Reference, Sample and Remediation Sample Changed. Missing violation fixed.
4570FALSEAvoid declaring Non Final Class Variables with Public, Protected or Package access type. Name, Description, and Rationale Changed. Reference, Sample and Remediation Sample added. Missing violation fixed.
7730FALSEAlways use declarative transaction. Name, Description, Sample and Remediation Sample Changed.
7196FALSEAvoid large number of String concatenation (JEE). Description, Rationale, Reference and Sample Changed.
2238FALSEAvoid unreferenced JSP pages. Name, Description, Remediation, Output and Scope Changed.
7148FALSE[DEPRECATED] JSP pages should always be accessed through their tiles definition
4744FALSE[DEPRECATED] EJB Entity access through their local Interface
2262FALSE[DEPRECATED] All cascading style sheet files should be in specific directory
8096FALSEAvoid testing floating point numbers for equality. Description, Sample,Remediation Sample, Reference and Thresholds Changed. Changed to a Critical Rule. Missing violation fixed.
8038FALSEStruts 2: Avoid Struts Validator field without Form Field. Name, Description, Rationale and Scope Changed
7710FALSEAvoid non serializable Entity beans. Name, Description, Rationale, Sample, Remediation Sample and Reference Changed.
7704FALSEAll static fields in the enterprise bean class should be declared as final. Name, Description, Rationale, Sample, Remediation Sample and Reference Changed. Incorrect bookmark fixed.
7678FALSEAvoid logging using basic java log files.Name, Description, Rationale, Remediation and Reference Changed. Missing violation fixed.
7490FALSEAvoid UPDATE trigger firing when not necessary. Description Improved.
4700FALSE[DEPRECATED] Avoid using 'Throwable.printStackTrace()' within a try catch block
7444FALSEAvoid Using Non-Serialized Beans with Session Scope. Name, Description, Rationale, Sample, Remediation Sample, Scope and Reference Changed.
7500FALSEUse table-per-class-hierarchy when subclasses have few properties. Description, Sample, Remediation Sample and Reference Changed. Missing violation fixed.
7248FALSEAvoid Packages with High Afferent Coupling (CA). Output and Scope Changed. Remediation and Reference Added.
4702FALSEAvoid using 'Throwable.printStackTrace()' with no argument. Description, Rationale and Reference Changed. Remediation Sample Added.
4612FALSEAvoid using native Methods (JNI). Description, Rationale, Reference, Scope and Configuration Changed. Sample and Remediation added.
4600FALSEAvoid using Exit and Halt Methods on a Web/Application Server. Name, Description, Rationale, Output and Configuration Changed. Sample, Remediation and Remediation Sample added. Changed it to a Critical Rule. Missing violation fixed
4746FALSE[DEPRECATED] EJB Session access through their local Interface
4576FALSE[DEPRECATED] Provide accessors to Private Fields
4598FALSEAvoid using 'java.lang.Runtime.exec()'. Description, Rationale, Reference, Sample and Remediation added.Increased Threshold. Changed it to a Critical Rule.
4604FALSEAvoid using 'java.lang.Error'. Reference and Sample changed. Remediation, Remediation Sample added. Scope Changed.
4708FALSEAvoid using Dynamic Instantiation. Reference, Sample and Remediation Sample Added.
4606FALSEAvoid using 'sun.*' and 'com.sun.*' Classes. Name, Description, Reference and Output Changed. Remediation and Sample Added.
7650FALSEAll types of a serializable Class must be serializable. Description, Rationale and Reference Changed. Scope Changed.
7654FALSEAvoid database tables associated to more than one Hibernate Entity. Description, Sample and Output Changed. Reference And Remediation Sample Added. Missing violation fixed.
7716FALSEAvoid defining singleton or factory classes when using Spring. Name, Description, Rationale, Reference, Sample, Remediation, Remediation Sample and Configuration Changed.
7668FALSE[DEPRECATED] Avoid using DOM parser for large or medium sized XML file parsing
4578FALSECollection interfaces should be used as method return types instead of their implementation classes. Name and Configuation Changed. Reference, Sample and Remediation Sample Added.
4580FALSECollection declarations should use interfaces instead of implementation classes. Name and Configuration Changed. Reference, Sample and Remediation Sample Added.
7498FALSEAvoid Incorrect implementation of getters and setters for Collection Type. Configuration Changed. Sample and Remediation Sample Added.
7200FALSEAvoid String concatenation in loops. False violation fixed.
7492FALSEAvoid Hibernate and JPA Entities using many-to-many association. Description Changed
7636FALSEPrefer using version number instead of timestamp for Hibernate Entity. Sample and Remediation Sample Added. Made a non Critical rule. Scope of the rule extended to check annotation based Hibernate Entities.
4602FALSEAvoid using Fields (non static final) from other Classes. Sample and Remediation Sample Added. Weight Reduced. False violation in case where an inner class access a field from the base class of an outer class is fixed.
8042FALSEStruts 2: Avoid unused validation form. Name, Description, Remediation and Remediation Sample Improved. Scope Definition aligned with the rule. Added the Missing RelyOn Link to fix a False Violation.
7724FALSEOverriden equals() Methods in persistent Subclasses should only reference properties from the persistent base Class. Name and Description Improved. Missing Violations are fixed with correct bookmarks.
7250FALSEAvoid String initialization with String object (created using the 'new' keyword). Name Improved, Reference added.

Performance Improvements

Summary
Performance issues related to Quality Rule "Avoid unused import in jsp file" are fixed.

1.3.0-beta1

Note

This extension has been withdrawn.

Rules

Rule Id | New Rule | Details
4558 | FALSE | Avoid large Classes - too many Fields. Improved Rationale.
4556 | FALSE | Avoid large Classes - too many Constructors (JEE). Improved Rationale.
8218 | FALSE | [DEPRECATED] Content type should be checked when receiving a HTTP Post.
2258 | FALSE | [DEPRECATED] All image files should be in a specific directory.
4656 | FALSE | Avoid declaring an exception in the method signature and not throwing it. Name, Description, Remediation and Reference Improved. Scope Changed.
4740 | FALSE | Field naming convention - case control. Rationale Improved.
4738 | FALSE | Constant naming convention - case control (JEE). Rationale improved. Configuration changed.
4736 | FALSE | Method naming convention - case control (JEE). Rationale improved.
4732 | FALSE | Interface naming convention - case control. Rationale Improved.
4730 | FALSE | Package naming convention - case control. Rationale Improved.
4680 | FALSE | Public Fields must have JavaDoc Comments. Name, Description, Reference, Sample and Remediation Sample Improved. Scope changed.
7238 | FALSE | Avoid calls between JSP Page for application using Struts framework. Improved rule name.
8220 | FALSE | Avoid using deprecated method, constructor, field, type or package. Description, Reference, Sample and Remediation Sample Improved. Rule is updated to be a Non Critical Rule.
8136 | FALSE | CDI Beans with normal scope must be proxyable to avoid runtime errors. Name updated to be precise with the rule. Scope and configuration changed.
8100 | FALSE | Blocking synchronous calls should have associated timeouts. Description and Reference Improved. Added Sample, Remediation and Remediation Sample. Lowered the Threshold. Scope changed.
8016 | FALSE | Avoid unrestricted access to EJB remote methods. Name, Description, Rationale, Reference, Sample, Remediation and Remediation Sample changed. False violations have been removed.
8040 | FALSE | Struts 2: Avoid Action Fields without Validation. Name, Description and Reference changed. False violations have been removed.
7634 | FALSE | Avoid Hibernate Entity with 'select-before-update' set to true if not associated to table that fires an UPDATE trigger. Name, Description and Reference changed.
7202 | FALSE | Avoid using '==' and '!=' to compare objects. Name, Description, Rationale, Reference, Remediation and Remediation Sample Improved. Missing violation fixed.
7732 | FALSE | Avoid non validated inputs in JSP files that use JSF. Documentation Change. Name, Description, Rationale and Reference Improved. Missing violation fixed.
7910 | FALSE | Never exit a finally block with a return, break, continue, or throw statements. Name, Description, Sample and Remediation Sample Improved.
7940 | FALSE | Avoid accumulating Stateful Beans. Name, Description, Rationale, Sample, Remediation and Remediation Sample Improved. Fixed false violations.
7962 | FALSE | Avoid direct or indirect remote calls inside a loop. Description, Rationale, Reference, Sample and Remediation Sample Improved.
7362 | FALSE | [DEPRECATED] Avoid Struts action mappings validator turned off.
7382 | FALSE | Struts1: Avoid Struts Validator field without Form Field. Name, Description and Rationale Improved.
7372 | FALSE | Struts 1: Enable Struts Validator plugin. Name and Description changed. Added Sample.
7380 | FALSE | Struts 1: Avoid unused validation form. Name, Description and Rationale changed. Increased the Threshold.
7488 | FALSE | Lazy fetching should be used for Hibernate collection. Name, Description, Rationale, Reference, Remediation, Sample and Remediation Sample changed. Missing violation fixed.
7192 | FALSE | Avoid using Struts Form that cannot extend Validator Class. Name, Description, Reference, Sample and Remediation Sample changed. Threshold Increased.
7254 | FALSE | Declare as Static all methods not using instance members. Name and Description changed. Added Reference.
7416 | FALSE | Struts1: Avoid Action Form Field without Validator. Name, Description and Reference changed.
7154 | FALSE | Struts1: Avoid Struts Fields in Action Classes that are not final static. Name, Description, Rationale and Reference changed. Scope changed. Incorrect Bookmark fixed.
7494 | FALSE | Persistent class method's equals() and hashCode() must access its fields through getter methods. Name and Description changed. Missing violation fixed.
7140 | FALSE | Struts Action artifacts should not directly call a JSP page. Name, Description and Rationale changed. Changed it to Non Critical Rule since it is just a programming practice. Missing violations have been fixed.
7434 | FALSE | Ensure to override both equals() and hashCode(). Name, Description, Reference and Remediation changed.
7440 | FALSE | Avoid having suspicious similar method names or signatures in an inheritance tree. Name, Description and Remediation changed. Scope changed.
7438 | FALSE | Avoid non thread safe singleton. Description, Rationale, Reference, Remediation, Sample and Remediation Sample changed. False Violations removed.
7502 | FALSE | Never use an array to map Hibernate collection. Name, Description and Rationale changed. Missing Violations fixed.
7132 | FALSE | [DEPRECATED] Struts action Mappings should have few forwards.
7136 | FALSE | [DEPRECATED] Each method in an Action Class should have a small complexity.
7510 | FALSE | [DEPRECATED] Use only Hibernate API to access to the database.
7676 | FALSE | [DEPRECATED] Avoid too many packages referencing Mainframe.
7138 | FALSE | [DEPRECATED] Action Classes should only be called by Action Mappings tag (for Struts 1.x) or Action tag (for Struts 2.x).
4696 | FALSE | [DEPRECATED] Avoid using 'System.err' and 'System.out' within a try catch block.
2284 | FALSE | [DEPRECATED] Avoid large JSP Pages - too many Scriptlets.
2236 | FALSE | [DEPRECATED] Avoid use of standard SQL API.
2282 | FALSE | [DEPRECATED] Avoid large Include Files.
4698 | FALSE | [DEPRECATED] Avoid using 'System.err' and 'System.out' outside a try catch block.
4574 | FALSE | [DEPRECATED] Avoid using deprecated objects.
2278 | FALSE | [DEPRECATED] Check the use of "foreach" custom tag library.
2244 | FALSE | [DEPRECATED] Avoid undocumented Web Server Pages.
2242 | FALSE | [DEPRECATED] Avoid direct definition of JavaScript Functions in a Web page (JEE).
2248 | FALSE | [DEPRECATED] Avoid Web Server pages having a very low Comment/Code ratio.
2280 | FALSE | [DEPRECATED] Avoid using Document.all collection.
2264 | FALSE | [DEPRECATED] All page files should be in a specific directory.
8104 | FALSE | Avoid missing release of SQL connection after an effective lifetime (JEE). Name, Description, Rationale and Reference changed. Threshold has been increased.
7144 | FALSE | [DEPRECATED] Avoid using database objects from Struts Action Artifacts.
7936 | FALSE | [DEPRECATED] Avoid using finalize().
7508 | FALSE | Getter of collection-typed persistent attributes should return the correct interface type. Name, Description and Reference changed.
7150 | FALSE | [DEPRECATED] Avoid string interpolations to prevent SQL injections by using PreparedStatement or CallableStatement.
7146 | FALSE | Always have JSP pages referencing Java Objects associated to JEE Scoped Bean. Name, Description and Reference changed. Sample and Remediation Sample have been added.
4674 | FALSE | Public Methods must have appropriate JavaDoc @return tags. Name Changed. Reference, Sample, Remediation and Remediation Sample have been added.
4618 | FALSE | Avoid instantiating a Boolean object. Name, Description and Rationale changed. Reference, Sample and Remediation Sample have been added.
4716 | FALSE | Avoid Classes implementing too many Interfaces (JEE). Description changed. Rationale, Sample and Remediation Sample have been added.
7134 | FALSE | Struts1: Avoid having Struts local forward with same name as Struts global forward. Name, Description and Output changed. Rationale, Sample, Remediation and Remediation Sample have been added.
4704 | FALSE | Avoid using Vector. Description, Rationale and Remediation changed. Reference, Sample and Remediation Sample have been added.
4670 | FALSE | Public Methods must have JavaDoc comments. Name, Description and Output changed. Reference, Sample, Remediation and Remediation Sample have been added. Scope changed.
7640 | FALSE | Avoid using catch blocks with assertion. Name, Description and Rationale changed. Reference has been added.
7648 | FALSE | Avoid an explicit call to finalize(). Name, Description, Rationale, Reference and Remediation changed. Scope changed. Weight Increased.
7702 | FALSE | Hibernate-provided implementations from third parties should be used for connection pool. Name, Description, Rationale, Reference and Remediation changed.
7700 | FALSE | Struts1: Only Struts HTTP Servlet should be used for Struts based application. Name, Description and Remediation changed. Remediation Sample added.
7712 | FALSE | Avoid public/protected setter for the generated identifier field. Description and Remediation changed.
7720 | FALSE | [DEPRECATED] Avoid too many EJB beans.
7726 | FALSE | Avoid Struts Action Classes that call packages having direct access to database. Name, Description, Rationale and Output changed. Sample and Remediation Sample added. Scope changed.
7942 | FALSE | Avoid EJBs using 'synchronized' qualifier, 'wait', 'notify' and 'notifyAll' Methods. Description and Rationale changed. Reference, Sample and Remediation Sample added.
7964 | FALSE | Avoid directly instantiating a Class used as a managed bean. Description changed. Removed false violations and fixed missing violations.
7954 | FALSE | Avoid indirect String concatenation inside loops. Description, Rationale, Reference, Sample and Remediation Sample changed.
7506 | FALSE | equals() and hashCode() should be defined for Hibernate/JPA component. Name, Description and Rationale changed. Missing violation fixed.
7190 | FALSE | Struts1: Validate() Method of Struts Validator form must call super.validate(). Name, Description, Rationale, Reference and Sample changed. Threshold value Increased. Changed to a Critical Rule since it impacts Security.
7152 | FALSE | Avoid Fields in Servlet Classes that are not final static. Description, Rationale and Reference changed. Sample and Remediation Sample added.
7252 | FALSE | Call 'super.finalize ()' in the "finally" block of 'finalize ()' methods. Description, Rationale and Reference improved.
4706 | FALSE | Avoid using Hashtable. Description, Rationale and Remediation changed. Reference, Sample and Remediation Sample added.
2266 | FALSE | [DEPRECATED] Avoid non standard file extensions (JEE)
7220 | FALSE | [DEPRECATED] Avoid Unused Imports
7188 | FALSE | [DEPRECATED] Private fields must have JavaDoc Comments
2254 | FALSE | [DEPRECATED] Avoid large Page files (JEE)
7142 | FALSE | [DEPRECATED] Action Classes should have only one public method
2260 | FALSE | [DEPRECATED] All script files should be in a specific directory
4668 | FALSE | [DEPRECATED] Classes and Interfaces must have JavaDoc @author tag
4678 | FALSE | [DEPRECATED] Public Methods must have appropriate JavaDoc @exception tags
4676 | FALSE | Public Methods must have appropriate JavaDoc @throws/@exception tags. Name, Description, Rationale and output changed. Reference, Sample, Remediation and Remediation Sample added. Missing violation fixed.
4694 | FALSE | Avoid using 'System.gc' and 'Runtime.gc'. Name, Description, Rationale Improved. Reference, Sample, Remediation and Remediation Sample added. Threshold Value Increased and changed it to a critical rule. Missing violation fixed.
4672 | FALSE | Public Methods must have appropriate JavaDoc @param tags. Name, Description, Rationale changed. Reference, Sample and Remediation Sample added.
4718 | FALSE | Avoid having package without enough Classes/Interfaces. Remediation added.
1022000 | FALSE | [DEPRECATED] Avoid weak encryption algorithm as DES and triple DES
4666 | FALSE | Classes and Interfaces must have JavaDoc Comments. Description Changed. Reference, Sample, Remediation, Remediation Sample added.
7708 | FALSE | Avoid using session.setFlushMode(FlushMode.COMMIT, FlushMode.NEVER or FlushMode.MANUAL). Rationale and Reference improved. Sample and Remediation Sample added.
7240 | FALSE | [DEPRECATED] Struts Action Classes should only call Business Classes
4596 | FALSE | Avoid using 'java.lang.System.getenv()'. Description Changed. Sample and Reference added.
7682 | FALSE | Avoid having Hibernate domain model depending on other Java APIs. Name and Description Changed. Remediation Sample added.
7734 | FALSE | Avoid using debug() method without calling isDebugEnabled() method. Name, Description, Reference Sample, Remediation Sample and Scope Changed.
7722 | FALSE | Avoid using persistent class's identifier in equals() method. Name, Description, Rationale, Reference, Remediation, Output and Scope Changed. Missing violation fixed.
7638 | FALSE | Avoid directly managing the connection to the database by using DriverManager. Name, Description, Rationale, Reference, Sample, Remediation Sample and Remediation, Output and Scope changed. Threshold Increased. Changed it to a critical rule.
7728 | FALSE | Avoid thread creation for application running on application server. Description, Reference, Grade Impact Changed. Threshold Increased. Changed it to a critical rule.
7956 | FALSE | [DEPRECATED] Avoid indirect exception handling inside loops
7206 | FALSE | Avoid the use of Instanceof inside loops. Name, Description, Rationale, Reference, Remediation Sample and Remediation Changed. Scope Changed.
7562 | FALSE | Avoid static Field of type collection. Description, Rationale, Reference, Sample and Remediation Sample Changed. Removed False Violation.
7256 | FALSE | Provide a private default Constructor for utility Classes. Name, Description, and Reference Changed.
7496 | FALSE | Use table-per-subclass strategy when subclasses have many properties. Description, Rationale, Reference, Sample and Remediation Sample Changed. Missing violation fixed.
4570 | FALSE | Avoid declaring Non Final Class Variables with Public, Protected or Package access type. Name, Description, and Rationale Changed. Reference, Sample and Remediation Sample added. Missing violation fixed.
7730 | FALSE | Always use declarative transaction. Name, Description, Sample and Remediation Sample Changed.
7196 | FALSE | Avoid large number of String concatenation (JEE). Description, Rationale, Reference and Sample Changed.
2238 | FALSE | Avoid unreferenced JSP pages. Name, Description, Remediation, Output and Scope Changed.
7148 | FALSE | [DEPRECATED] JSP pages should always be accessed through their tiles definition
4744 | FALSE | [DEPRECATED] EJB Entity access through their local Interface
2262 | FALSE | [DEPRECATED] All cascading style sheet files should be in specific directory
8096 | FALSE | Avoid testing floating point numbers for equality. Description, Sample, Remediation Sample, Reference and Thresholds Changed. Changed to a Critical Rule. Missing violation fixed.
8038 | FALSE | Struts 2: Avoid Struts Validator field without Form Field. Name, Description, Rationale and Scope Changed.
7710 | FALSE | Avoid non serializable Entity beans. Name, Description, Rationale, Sample, Remediation Sample and Reference Changed.
7704 | FALSE | All static fields in the enterprise bean class should be declared as final. Name, Description, Rationale, Sample, Remediation Sample and Reference Changed. Incorrect bookmark fixed.
7678 | FALSE | Avoid logging using basic java log files. Name, Description, Rationale, Remediation and Reference Changed. Missing violation fixed.
7490 | FALSE | Avoid UPDATE trigger firing when not necessary. Description Improved.
4700 | FALSE | [DEPRECATED] Avoid using 'Throwable.printStackTrace()' within a try catch block
7444 | FALSE | Avoid Using Non-Serialized Beans with Session Scope. Name, Description, Rationale, Sample, Remediation Sample, Scope and Reference Changed.
7500 | FALSE | Use table-per-class-hierarchy when subclasses have few properties. Description, Sample, Remediation Sample and Reference Changed. Missing violation fixed.
7248 | FALSE | Avoid Packages with High Afferent Coupling (CA). Output and Scope Changed. Remediation and Reference Added.
4702 | FALSE | Avoid using 'Throwable.printStackTrace()' with no argument. Description, Rationale and Reference Changed. Remediation Sample Added.
4612 | FALSE | Avoid using native Methods (JNI). Description, Rationale, Reference, Scope and Configuration Changed. Sample and Remediation added.
4600 | FALSE | Avoid using Exit and Halt Methods on a Web/Application Server. Name, Description, Rationale, Output and Configuration Changed. Sample, Remediation and Remediation Sample added. Changed it to a Critical Rule. Missing violation fixed.
4746 | FALSE | [DEPRECATED] EJB Session access through their local Interface
4576 | FALSE | [DEPRECATED] Provide accessors to Private Fields
4598 | FALSE | Avoid using 'java.lang.Runtime.exec()'. Description, Rationale, Reference, Sample and Remediation added. Increased Threshold. Changed it to a Critical Rule.
4604 | FALSE | Avoid using 'java.lang.Error'. Reference and Sample changed. Remediation, Remediation Sample added. Scope Changed.
4708 | FALSE | Avoid using Dynamic Instantiation. Reference, Sample and Remediation Sample Added.
4606 | FALSE | Avoid using 'sun.*' and 'com.sun.*' Classes. Name, Description, Reference and Output Changed. Remediation and Sample Added.
7650 | FALSE | All types of a serializable Class must be serializable. Description, Rationale and Reference Changed. Scope Changed.
7654 | FALSE | Avoid database tables associated to more than one Hibernate Entity. Description, Sample and Output Changed. Reference And Remediation Sample Added. Missing violation fixed.
7716 | FALSE | Avoid defining singleton or factory classes when using Spring. Name, Description, Rationale, Reference, Sample, Remediation, Remediation Sample and Configuration Changed.
7668 | FALSE | [DEPRECATED] Avoid using DOM parser for large or medium sized XML file parsing
4578 | FALSE | Collection interfaces should be used as method return types instead of their implementation classes. Name and Configuration Changed. Reference, Sample and Remediation Sample Added.
4580 | FALSE | Collection declarations should use interfaces instead of implementation classes. Name and Configuration Changed. Reference, Sample and Remediation Sample Added.
7498 | FALSE | Avoid Incorrect implementation of getters and setters for Collection Type. Configuration Changed. Sample and Remediation Sample Added.
7200 | FALSE | Avoid String concatenation in loops. False violation fixed.
7492 | FALSE | Avoid Hibernate and JPA Entities using many-to-many association. Description Changed.
4614 | FALSE | [DEPRECATED] Proper overriding of 'clone'()

Performance Improvements

Summary
Performance issues related to Quality Rule "Avoid unused import in jsp file" are fixed.