Summary: This document provides information about changes and new features introduced in this release.
1.3.14-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
44210 | Fixes missing links in chained method calls involving implicit Lombok Getter objects and Java Methods. We now create Getter objects for methods and classes containing Lombok annotations. |
44425 | Fixes a missing link between Java Methods due to a bug in the type resolution of a method argument. This fix builds upon the earlier fix to Lombok Getter generation also present in this release. |
44299 | Fixes missing links to Java method references and also improves their processing. |
43411 | Fixes an access violation seen during the resolve declarations phase for two Java files. |
44636 | Fixes the cause of a warning "JAVA090 Class 'x.y.z.className' not found in file as expected under classpath". |
33826 | Fixes false violations for the rule 7502 "Never use an array to map Hibernate collection". |
42737 | Fixes false violations for the rule 7502 "Never use an array to map Hibernate collection". |
44970 | Upgrades the Struts 2.5 Environment Profile jars to the latest version. |
43518 | Fixes a syntax warning due to a Unicode "\u0000" used as a default value during Jar processing. |
Link Improvements
Callee Type | Caller Type | Details |
---|---|---|
Implicitly Generated Java Method | Java Method | New links will be created from Java Methods to implicitly generated Java Methods from Lombok. |
Java Method | Java Method | The new links to Lombok methods further improve resolution of chained method calls. Another fix improved the type resolution of method arguments involving Lombok Getters, resulting in some new links. |
Java Method Reference | Java Method | Added some missing links from Java Methods to Java Method References. |
Other Updates
Details |
---|
Adds unit testing to check that the Lombok annotation @SuperBuilder is already supported. |
Found the cause of missing link to a static Java Method. |
Confirms the reason for a missing link to a Java Method of a Class present in a Jar file. |
Fixes a syntax warning due to a Unicode "\u0000" used as a default value during Jar processing |
Fixes improperly instantiated generic methods when Type Arguments have the same class names but are from different packages. |
Fixes the cause of a random JAVA044 syntax warning while processing an empty character value from a Jar. |
Rules
Rule Id | New Rule | Details |
---|---|---|
7502 | FALSE | Rule 7502 "Never use an array to map Hibernate collection" is moved to JEE and implemented as a scope and property based rule. |
1.3.13-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
42117 | Fixes false positives for the rule (8108): "Avoid missing release of stream connection after an effective lifetime". |
42470 | Fixes an issue causing the JEE analyzer to crash with the message: "warning 'Unknown Exception'" during the "Resolving parametrization links" step. |
42535 | Fixes false positives for the rule (8216): "Avoid using incompatible mutation". |
30703 | Fixes an issue causing the warnings "Exception durring resolution of a target of method :in position line/col:0/0" and "Error in inference engine" during the "JAVA305: Computing dynamic links..." step. |
42470 | Fixes an issue causing the warning "Job execution Log the exception information: Unknown Exception..." during the "JAVA307: Resolving parametrization links..." step. |
39615 | The rule name and documentation for rule 7150 have been updated: 1) the rule name has been reverted to "Favor PreparedStatement or CallableStatement over Statement" (from "Avoid string interpolations to prevent SQL injections by using PreparedStatement or CallableStatement") and 2) the rule description text has been changed to remove the use of the word "string interpolation". |
Other Updates
Details |
---|
Fixed a regression in performance with 1.3.4-funcrel and added better exception management. |
Rules
Rule Id | New Rule | Details |
---|---|---|
8108 | FALSE | Fixed false positives for rule 8108: "Avoid missing release of stream connection after an effective lifetime". |
8216 | FALSE | Fixed false positives for rule 8216: "Avoid using incompatible mutation". The rule Rationale, References and Remediation were also updated. |
7150 | FALSE | Name of the rule 7150 has been reverted to "Favor PreparedStatement or CallableStatement over Statement" from "Avoid string interpolations to prevent SQL injections by using PreparedStatement or CallableStatement". |
7654 | FALSE | The performance of the computation for the rule 7654: "Avoid database tables associated to more than one Hibernate Entity" has been improved. |
7506 | FALSE | The performance of the computation for the rule 7506: "equals() and hashCode() should be defined for Hibernate/JPA component" has been improved. |
7730 | FALSE | The performance of the computation for the rule 7730: "Always use declarative transaction" has been improved. |
Performance Improvements
Summary |
---|
Improved performance of code that looks up symbol matches. |
Improved performance for the following rules that process XML configuration files: 7506, 7654 and 7730. |
Improved performance of the GUID saver step. |
1.3.12-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
32929 | Fixes a resolution issue while processing classes with filenames containing UTF-8 characters. |
Other Updates
Details |
---|
Fixes syntax warnings due to lack of support of Maps from JavaEE's Expression Language. |
This change supports an updated behaviour for links from Java to SQL in new Python extensions. Extensions can now choose to disable links normally created by grep or the Inference Engine. |
Performance Improvements
Summary |
---|
Improved the performance of an SQL procedure "DIAG_CHILDHOOD_PERSISTENT" used for the computation of Quality Rule violations. |
1.3.11-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
38165 | Fixed false positives for the rule (8104): "Avoid missing release of SQL connection after an effective lifetime (JEE)". |
32928 | Fixed the incorrect resolution of generic methods type. Links will now be updated/resolved to correct symbols. |
32600 | Fixed false violations for rule (7446): "Avoid double checked locking for JSE 4.x and previous version". |
28903 | Documentation updated for rule (7964): "Avoid directly instantiating a Class used as a managed bean". |
40343 | Fixed a crash issue which occurred due to apostrophes used in a project name. |
37751 | Fixed false violations for rule (8104): "Avoid missing release of SQL connection after an effective lifetime (JEE)" |
40894 | Fixed an analysis crash issue with an unknown exception, which occurred during GUID computation. |
40780 | Fixed an access violation seen while processing an XML configuration file. |
39753 | Fixed false positives for the rule (8108): "Avoid missing release of stream connection after an effective lifetime". |
40777 | Fixed false positives for the rule (8104): "Avoid missing release of SQL connection after an effective lifetime (JEE)" |
33674 | Fixed false positives for the rule (8104): "Avoid missing release of SQL connection after an effective lifetime (JEE)" |
38101 | Fixed Spring Batch Job objects being invalidly created in JEE |
33238 | Fixed the cause of syntax warnings for some methods called 'record', and some cases of nested type arguments. |
40976 | Fixed an access violation seen while processing an XML configuration file. |
Link Improvements
Callee Type | Caller Type | Details |
---|---|---|
Generic Method Type | Generic Method | Types of generic methods are being resolved. |
Other Updates
Details |
---|
Rule 7192 is moved to JEE and implemented as a scope and property based rule. |
Fixed an unknown exception observed in JEE due to a usage of Java Type Parameter. |
Fixed Java analysis warnings seen in the Metric Assistant log. |
Rule 4612 is moved to the JEE Analyzer. |
Rule 4600 is moved to JEE and implemented as a scope and property based rule. |
Added support for variable access in try-with-resource. |
Rules
Rule Id | New Rule | Details |
---|---|---|
7446 | FALSE | False violations for rule "Avoid double checked locking for JSE 4.x and previous version" are fixed. The documentation under remediation, remediation samples & references have also been updated. |
7192 | FALSE | Rule 7192 "Avoid using Struts Form that cannot extend Validator Class" is moved to JEE and implemented as a scope and property based rule. |
7964 | FALSE | Updated the documentation with correct scope. |
8104 | FALSE | Removed false violations for the rule "Avoid missing release of SQL connection after an effective lifetime (JEE)". |
8108 | FALSE | Removed false violations for the rule "Avoid missing release of stream connection after an effective lifetime" |
4612 | FALSE | Rule 4612 "Avoid using native Methods (JNI)" is moved to the JEE Analyzer. |
4600 | FALSE | Rule 4600 "Avoid using Exit and Halt Methods on a Web/Application Server" is moved to JEE and implemented as a scope and property based rule. |
1.3.10-funcrel
Note
The snapshot fails using the version 1.3.9-funcrel due to a SQL error in the scope of the rule: 'Hibernate-provided implementations from third parties should be used for connection pool'
Resolved Issues
Customer Ticket Id | Details |
---|---|
37255 | Fixed unresolved type. |
38216 | Fixes an issue where syntax is not recognized while passing resources to a try block. |
39797 | Fixes an issue causing a snapshot to fail with the error: missing FROM-clause entry for table "odd". |
38346 | Fixed an access violation seen in some cases of Switch Statements or Expressions. |
37371 | Fixed an access violation seen in some cases of Switch Statements or Expressions. |
39033 | Fixed an exception seen while parsing some Annotation parameters. |
38594 | Fixed an exception encountered while processing some "Type Arguments" in Lambda Expressions. |
38434 | Fixed an exception encountered while processing some "Type Arguments" in Lambda Expressions. |
38175 | Fixed the incomplete resolution of Lambda parameters. New links would now be created for these resolved symbols. |
33723 | Fixed a false positive for the rule (8108): "Avoid missing release of stream connection after an effective lifetime". |
35133 | Fixed false positives for the rule (8104): "Avoid missing release of SQL connection after an effective lifetime (JEE)". |
35134 | Fixed an issue that caused a missing violation for the rule (8108): "Avoid missing release of stream connection after an effective lifetime". |
37019 | Fixed false violations for the rule (7728): "Avoid thread creation for application running on application server" that were seen in a Spring Boot application (non-EJB). |
38584 | Fixed a false violation on rule 8214: "Avoid operating on resource after expiration or release". |
Link Improvements
Callee Type | Caller Type | Details |
---|---|---|
Java Parameter | Java Lambda Expression | New links from Lambdas to previously unresolved types may be observed |
Other Updates
Details |
---|
Internal procedures used in quality rules have been updated to follow ANSI notation. |
Fixed an exception seen while computing a snapshot for the rule (7702): "Hibernate-provided implementations from third parties should be used for connection pool". |
Fixed multiple exceptions seen while analyzing a CAST application. |
Fixed multiple exceptions seen while analyzing an external application. |
Fixed duplicated internal set definitions used for quality rule scopes. |
Fixed an internal procedure that was using a cartesian product. |
Rules
Rule Id | New Rule | Details |
---|---|---|
7442 | FALSE | Rule name has been updated to "Avoid to use keyword 'this' within Constructor in multi-thread environment". |
7728 | FALSE | Fixed false violations for the rule "Avoid thread creation for application running on application server", caused by the presence of Servlets without EJBs. The documentation on the rule output and total population have also been updated. |
8108 | FALSE | Fixed cases of false positives and a missing violation for the rule: "Avoid missing release of stream connection after an effective lifetime". |
8104 | FALSE | Fixed false positives for the rule: "Avoid missing release of SQL connection after an effective lifetime (JEE)". |
1.3.9-funcrel
Note
This extension has been withdrawn. All fixes and updates are present in 1.3.10-funcrel.
1.3.8-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
36886 | Enabled a warning indicating syntax errors in JSP files. |
37115 | Enabled a warning indicating syntax errors in JSP files. |
37273 | Fixed some missing accessExec links to implementation classes when an exact match is found. |
36326 | Fixed an issue with exception handling with plugins that caused the Java analysis to fail. |
37448 | Fixed a missing call to method Lambda |
32587 | Fixed the missing link from JPA Entity to referenced table. |
33682 | Fixed a false positive for the rule (7442): "Avoid to use this within Constructor in multi-thread environment". False positives were found while using the keyword "this" in a Method Reference. |
Link Improvements
Callee Type | Caller Type | Details |
---|---|---|
Table | JPA Entity | Fixed missing links in the case that annotation @Table is not used. |
Java Method | Java Method or Generic Method | Added some missing accessExec links from callee Java methods to called Java methods in implementation classes. |
Java Class | Java Lambda Expression | Fixed some incorrect relyOn links. |
Java Method | Java Lambda Expression | Fixed some missing accessExec links. |
Other Updates
Details |
---|
An improvement has been implemented to ensure that method signatures are normalized (removing whitespace) correctly throughout the entire analyzer. |
Fixed the false links from Java Lambda Expression. |
Fixed a syntax error being seen for casting with additional bounds. |
Fixed exceptions seen with inferred types of some Lambda parameters. |
Rules
Rule Id | New Rule | Details |
---|---|---|
7442 | FALSE | Fixed a false positive for the rule: "Avoid to use this within Constructor in multi-thread environment". False positives were found while using the keyword "this" in a Method Reference. |
New Support
Summary | Details |
---|---|
Add support for Java 16, 17 and 18 | This release of JEE supports analysis of Java 16, 17 and 18 sources. Standardized features such as Records, Pattern matching and Sealed Classes are supported. |
1.3.7-funcrel
Note
This release also includes the latest bug fixes from JEE's LTS release
Resolved Issues
Customer Ticket Id | Details |
---|---|
35679 | Fixed an exception that prevented saving of analysis results |
36060 | Fixed an exception that prevented saving of analysis results |
32789 | Fixed an exception that prevented saving of analysis results |
36132 | Documentation updated for the rule (7254): "Declare as Static all methods not using instance members". |
32938 | Fixed a bookmark issue on JSP files for the rule "Avoid using deprecated method, constructor, field, type or package". |
32248 | With this fix, JEE will always attempt to select the latest version, when multiple versions of the same JAR are referenced from a Maven repository. |
Link Improvements
Callee Type | Caller Type | Details |
---|---|---|
JEE objects | SQL synonyms | An invalid link type created was corrected. |
Other Updates
Details |
---|
JEE Support for Java 14 |
JEE Support for Java 15 |
Fixed an exception that prevented saving of analysis results. |
Fixed an invalid link type between JEE objects and SQL synonyms. |
Corrected the procedure calculating the total value for the QR "Struts1: Avoid implementing Action Classes inheriting directly from Struts Action" |
Fixed an issue with some Deprecated APIs from the Environment Profile for Java not being correctly marked. The issue occurred only where methods had the Deprecated annotation along with additional parameters like 'since' or 'forRemoval'. There may be additional violations seen for rules affected by the use of this annotation. |
Rules
Rule Id | New Rule | Details |
---|---|---|
7254 | FALSE | Rule Description and References are updated to reflect that Spring Bean methods are excluded for the rule (7254): "Declare as Static all methods not using instance members". |
7242 | FALSE | Total procedure corrected for the rule (7242): "Struts1: Avoid implementing Action Classes inheriting directly from Struts Action" |
8220 | FALSE | Fixed two issues for the rule (8220): "Avoid using deprecated method, constructor, field, type or package". A bookmark issue was fixed where the rule incorrectly bookmarked an entire JSP file instead of the specific deprecated API usage within the file. The second fix was for methods marked with the Deprecated annotation and having parameters like 'since' or 'forRemoval' that were not processed correctly by the Analyzer. The number of violations for this rule may increase. |
New Support
Summary | Details |
---|---|
Add support for Java 14 & 15 | This release of JEE now supports analysis of Java 14 and 15 sources. Standardized features such as switch-expression and text blocks are supported. |
1.3.6-funcrel
Note
This release upgrades the Log4j inside JEE's Environment Profile to version 2.17.1
Resolved Issues
Customer Ticket Id | Details |
---|---|
32611 | Fixed a false positive for the rule "Avoid hard-coded network resource names (JEE)". |
33758 | Fixed false positives for the rule "Declare as Static all methods not using instance members". |
33859 | The total procedure for the rule "'super.finalize()' should be invoked when overriding finalize() method" has been upgraded and now has lower execution time. |
32641 | Removed false positives for the rule "Avoid testing floating point numbers for equality". |
30819 | Fixed the cause of the unexpected warning. No impact on the analysis results due to the warning. |
33165 | Fixed an unknown exception due to an issue with the stacking context. |
21349 | Fixed syntax errors seen in cases of annotations used within Fully Qualified Names and Method Headers. |
32602 | Fixed the initialization of plugins within the component. |
33533 | Fixed the cause of the unexpected warning. No impact on the analysis results due to the warning. |
33242 | Fixed total check 0 for the rule "Avoid non serializable Entity beans". |
Other Updates
Details |
---|
The version of Log4j used in JEE's Environment Profile has been updated to 2.17.1 |
This fix enables the separation of the analysis task from the saving task. |
Rules
Rule Id | New Rule | Details |
---|---|---|
8102 | FALSE | Fixed a false positive for the rule "Avoid hard-coded network resource names (JEE)" |
4616 | FALSE | Improved the execution time of the total procedure for the Quality Rule "'super.finalize()' should be invoked when overriding finalize() method" |
8096 | FALSE | Removed false positives for the rule "Avoid testing floating point numbers for equality" |
7954 | FALSE | Quality rule "Avoid indirect String concatenation inside loops" is now a critical rule. |
7254 | FALSE | Fixed false positives on Lombok UtilityClass annotated classes and on methods with the Bean annotation for the rule "Declare as Static all methods not using instance members". The rule has now been moved to the JEE Analyzer. In some cases, previously missing violations may be added. |
7710 | FALSE | Fixed the total procedure causing zero counts for the rule "Avoid non serializable Entity beans" |
1.3.5-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
31774 | Fixed a crash seen during regex operation. |
30891 | Fixed some false positives for the QR "Provide a private default Constructor for utility Classes". |
32113 | Fixed syntax warnings observed for some java.net.* classes. |
Other Updates
Details |
---|
Fixed a migration procedure returning null values in non-JEE analysis. |
Addressed issues identified during the review of QRs 7710 and 7416. |
Rules
Rule Id | New Rule | Details |
---|---|---|
7710 | FALSE | Corrected scope of QR "Avoid non serializable Entity beans" to all Persistent Entities (JPA & Hibernate). |
7416 | FALSE | Rule "Struts1: Avoid Action Form Field without Validator" is moved to Scope & Property. Output of the rule is now fields in the case of Dynamic Form Beans and setters for Concrete Form Beans. Rule scope is also corrected - previous scope caused some repeated violations. False positives reported on non-Struts Forms were fixed. |
7256 | FALSE | Fixed false positives due to lombok annotations for the QR "Provide a private default Constructor for utility Classes". |
1.3.4-funcrel
Note
This release contains a fix that improves method and constructor resolution. The following changes may be observed due to this fix:
- Increase in the total number of links and properties.
- Better resolution of methods and constructors that were previously not being resolved.
- Increased violations due to additionally resolved methods and constructors.
Resolved Issues
Customer Ticket Id | Details |
---|---|
28490 | Fixed missing links from service to DAO layers due to unresolved lombok getter/setter. |
30120 | Fixed issue with negative compliance in dashboard for QR "Never use an array to map Hibernate collection". |
31296 | A fix was made for an exception encountered while parsing a thrown exception. |
30173 | Fixed total check for the QR "Lazy fetching should be used for Hibernate collection". |
30927 | Fixed an exception that occurred due to incorrectly initialized Type Arguments. |
25927 | Fixed missing links between java methods called by abstraction. |
27108 | Fixed many false positives on private methods for the Quality Rules 4670, 4672 & 4674. |
Other Updates
Details |
---|
A fix has been made in parametrization for JSP files. |
Fixed an exception during snapshot for the QR "Struts1: Avoid Struts Fields in Action Classes that are not final static". |
Rules
Rule Id | New Rule | Details |
---|---|---|
7502 | FALSE | Fixed negative compliance observed for QR "Never use an array to map Hibernate collection" |
7488 | FALSE | Fixed total check for the QR "Lazy fetching should be used for Hibernate collection" |
4616 | FALSE | Detail procedure has been corrected to include Java Generic Methods for the QR "'super.finalize()' should be invoked when overriding finalize() method" |
7444 | FALSE | Fixed total procedure to ensure correct scope for the QR "Avoid Using Non-Serialized Beans with Session Scope" |
7154 | FALSE | Fixed total value less than detail for the QR "Struts1: Avoid Struts Fields in Action Classes that are not final static" |
4670 | FALSE | Removed false violations on private methods for QR 4670 "Public Methods must have JavaDoc comments" |
4672 | FALSE | Removed false violations on private methods for QR 4672 "Public Methods must have appropriate JavaDoc @param tags" |
4674 | FALSE | Removed false violations on private methods for QR 4674 "Public Methods must have appropriate JavaDoc @return tags" |
1.3.3-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
28504 | Fixed a crash observed during resolution of a type parameter used in a Java Generic type. |
28256 | Fixed false positives for the QR: "Avoid directly instantiating a Class used as a managed bean". |
28437 | False positives from the usage of @Lob have been removed. |
28567 | The source code position for violations is now being set for JPA Entity properties. |
28448 | Fixed false positives for the QR: "Avoid directly instantiating a Class used as a managed bean". |
Other Updates
Details |
---|
Confirmation of fix in 1.3.x for removal of GUID duplicate warnings for WSDL files. |
Rules
Rule Id | New Rule | Details |
---|---|---|
7964 | FALSE | Removed false positives and updated rule samples |
1.3.2-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
27039 | False positive for the rule (rule id: 7494), “Persistent class method's equals() and hashCode() must access its fields through getter methods” is fixed. |
Rules
Rule Id | New Rule | Details |
---|---|---|
7494 | FALSE | Fixed false positives due to Lombok EqualsAndHashCode and Data |
7506 | FALSE | Fixed false positives due to Lombok EqualsAndHashCode and Data |
7434 | FALSE | False positives removed for the QR: "Ensure to override both equals() and hashCode()" |
7238 | FALSE | Fixed false positives for the rule "Avoid calls between JSP Page for application using Struts framework" |
7388 | FALSE | False violation removed for the QR: "Avoid artifacts having recursive call" violating XML file |
1.3.1-funcrel
Note
JEE 1.3.1-funcrel has dependency on CAST AIP Internal Extension 0.9.0 LTS (the installation of internal platform 0.9.0 will be automatic).
Resolved Issues
Customer Ticket Id | Details |
---|---|
22290 | Fix for GUID changing between snapshots for AUs with mixed Java versions; GUID instability due to random jar usage and GUID instability with objects from Environment Profile vs classpath. Method GUID has been updated to use Short Names instead of Fully Qualified Names in parameters |
Link Improvements
Callee Type | Caller Type | Details |
---|---|---|
JPA Entity | Java Method | Missing 'Use Insert', 'Use Delete' and 'Use Select' links have been fixed. An increment in these types of links might be expected. |
Other Updates
Details |
---|
GUID implementation now uses Short Names instead of Fully Qualified Names for Method Parameters |
Rules
Rule Id | New Rule | Details |
---|---|---|
8102 | FALSE | Fixed false positives and improved bookmarks for the rule: Avoid hardcoded network resource names (JEE) |
7202 | FALSE | False positives for Rule "Check usage of '==' and '!=' on objects" have been removed. |
1.3.0-funcrel
Note
The rule improvement made in this release of the extension will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.
Rules
Rule Id | New Rule | Details |
---|---|---|
7722 | FALSE | Avoid using persistent class's identifier in equals() method. Incorrect bookmarks fixed and support for getters added. |
8040 | FALSE | Struts 2: Avoid Action Fields without Validation. False violations removed. |
4610 | FALSE | Avoid using anonymous Classes. The scope has been changed. |
1.3.0-beta3
Note
The rule improvement made in this release of the extension will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.
Resolved Issues
Customer Ticket Id | Details |
---|---|
24663 | Fix for invalid parsing errors due to presence of attributes without values in nodes in a JSP file. The change may result in more JSP objects along with links associated with them. |
25724 | Fix for an event invocation for extensions depending on JEE. The fix may result in more configuration file objects and links associated to them. |
Rules
Rule Id | New Rule | Details |
---|---|---|
7134 | FALSE | [DEPRECATED] Avoid having Struts local forward with same name as Struts global forward |
7488 | FALSE | Lazy fetching should be used for Hibernate collection. Additional information of fully qualified name of the field associated with the violating JPA entity property added. |
4722 | FALSE | [DEPRECATED] Avoid having classes referencing Database objects |
4606 | FALSE | Avoid using 'sun.*' Classes. Removed 'com.sun.*' from implementation as some packages like 'com.sun.jersey' are actively used. Changed the name, description, rationale and remediation |
7710 | FALSE | Avoid non serializable Entity beans. Made Implementation Changes to remove false violations |
4708 | FALSE | Avoid using Dynamic Instantiation. Made Implementation changes to remove false positives and wrong bookmark. |
1.3.0-beta2
Note
This release of the extension contains a large number of rule related improvements, which will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. In addition, rules marked as [DEPRECATED] in the list below will not be triggered during any new analysis actioned with this release nor any future release of the extension - this may also impact the grades of your existing analysis results. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented. Lastly, this extension should not be used with AIP Core 8.3.24, 25, and 26 due to erroneous results - any previous or newer release of AIP Core should be used instead.
Rules
Rule Id | New Rule | Details |
---|---|---|
7292 | FALSE | Avoid cyclical calls and inheritances between packages. Sample, Remediation Sample and Reference Added. Decreased Weight and Threshold and made a non-critical rule. |
8214 | FALSE | Avoid operating on resource after expiration or release. Scope and configuration changed. |
4572 | FALSE | [DEPRECATED] Avoid declaring Final Instance Variables that are not initialized. |
4568 | FALSE | [DEPRECATED] Avoid declaring Public Instance Variables. |
4566 | FALSE | [DEPRECATED] Avoid declaring Instance Variables without defined access type. |
7306 | FALSE | [DEPRECATED] Avoid declaring Inner Classes. |
7308 | FALSE | [DEPRECATED] Avoid using Inner Classes. |
4614 | FALSE | [DEPRECATED] Proper overriding of 'clone()'. |
4560 | FALSE | Avoid large Interfaces - too many Methods (JEE). Improved Rationale. |
4558 | FALSE | Avoid large Classes - too many Fields. Improved Rationale. |
4556 | FALSE | Avoid large Classes - too many Constructors (JEE). Improved Rationale. |
8218 | FALSE | [DEPRECATED] Content type should be checked when receiving a HTTP Post. |
2258 | FALSE | [DEPRECATED] All image files should be in a specific directory. |
4616 | FALSE | 'super.finalize()' should be invoked when overriding finalize() method. Name, Description, Rationale, Sample and Remediation Sample Improved. Scope Changed. |
4656 | FALSE | Avoid declaring an exception in the method signature and not throwing it. Name, Description, Remediation and Reference Improved. Scope Changed. |
4740 | FALSE | Field naming convention - case control. Rationale Improved. |
4738 | FALSE | Constant naming convention - case control (JEE). Rationale improved. Configuration changed. |
4736 | FALSE | Method naming convention - case control (JEE). Rationale improved. |
4734 | FALSE | Class naming convention - case control (JEE). Rationale improved. |
4732 | FALSE | Interface naming convention - case control. Rationale Improved. |
4730 | FALSE | Package naming convention - case control. Rationale Improved. |
4680 | FALSE | Public Fields must have JavaDoc Comments. Name, Description, Reference, Sample and Remediation Sample Improved. Scope changed. |
7238 | FALSE | Avoid calls between JSP Page for application using Struts framework. Improved rule name. |
8220 | FALSE | Avoid using deprecated method, constructor, field, type or package. Description, Reference, Sample and Remediation Sample Improved. Rule is updated to be a Non Critical Rule. |
8136 | FALSE | CDI Beans with normal scope must be proxyable to avoid runtime errors. Name updated to be precise with the rule. Scope and configuration changed. |
8100 | FALSE | Blocking synchronous calls should have associated timeouts. Description and Reference Improved. Added Sample, Remediation and Remediation Sample. Lowered the Threshold. Scope changed. |
8016 | FALSE | Avoid unrestricted access to EJB remote methods. Name, Description, Rationale, Reference, Sample, Remediation and Remediation Sample changed. False violations have been removed. |
8040 | FALSE | Struts 2: Avoid Action Fields without Validation. Name, Description and Reference changed. False violations have been removed. |
7634 | FALSE | Avoid Hibernate Entity with 'select-before-update' set to true if not associated to table that fires an UPDATE trigger. Name, Description and Reference changed. |
7202 | FALSE | Avoid using '==' and '!=' to compare objects. Name, Description, Rationale, Reference, Remediation and Remediation Sample Improved. Missing violation fixed. |
7732 | FALSE | Avoid non validated inputs in JSP files that use JSF. Documentation Change. Name, Description, Rationale and Reference Improved. Missing violation fixed. |
7910 | FALSE | Never exit a finally block with a return, break, continue, or throw statements. Name, Description, Sample and Remediation Sample Improved. |
7940 | FALSE | Avoid accumulating Stateful Beans. Name, Description, Rationale, Sample, Remediation and Remediation Sample Improved. Fixed false violations. |
7962 | FALSE | Avoid direct or indirect remote calls inside a loop. Description, Rationale, Reference, Sample and Remediation Sample Improved. |
7362 | FALSE | [DEPRECATED] Avoid Struts action mappings validator turned off. |
7382 | FALSE | Struts1: Avoid Struts Validator field without Form Field. Name, Description and Rationale Improved. |
7372 | FALSE | Struts 1: Enable Struts Validator plugin. Name and Description changed. Added Sample. |
7380 | FALSE | Struts 1: Avoid unused validation form. Name, Description and Rationale changed. Increased the Threshold. |
7488 | FALSE | Lazy fetching should be used for Hibernate collection. Name, Description, Rationale, Reference, Remediation, Sample and Remediation Sample changed. Missing violation fixed. |
7192 | FALSE | Avoid using Struts Form that cannot extend Validator Class. Name, Description, Reference, Sample and Remediation Sample changed. Threshold Increased. |
7254 | FALSE | Declare as Static all methods not using instance members. Name and Description changed. Added Reference. |
7416 | FALSE | Struts1: Avoid Action Form Field without Validator. Name, Description and Reference changed. |
7154 | FALSE | Struts1: Avoid Struts Fields in Action Classes that are not final static. Name, Description, Rationale and Reference changed. Scope changed. Incorrect Bookmark fixed. |
7494 | FALSE | Persistent class method's equals() and hashCode() must access its fields through getter methods. Name and Description changed. Missing violation fixed. |
7140 | FALSE | Struts Action artifacts should not directly call a JSP page. Name, Description and Rationale changed. Changed it to Non Critical Rule since it is just a programming practice. Missing violations have been fixed. |
7434 | FALSE | Ensure to override both equals() and hashCode(). Name, Description, Reference and Remediation changed. |
7440 | FALSE | Avoid having suspicious similar method names or signatures in an inheritance tree. Name, Description and Remediation changed. Scope changed. |
7438 | FALSE | Avoid non thread safe singleton. Description, Rationale, Reference, Remediation, Sample and Remediation Sample changed. False Violations removed. |
7502 | FALSE | Never use an array to map Hibernate collection. Name, Description and Rationale changed. Missing Violations fixed. |
7132 | FALSE | [DEPRECATED] Struts action Mappings should have few forwards. |
7136 | FALSE | [DEPRECATED] Each method in an Action Class should have a small complexity. |
7510 | FALSE | [DEPRECATED] Use only Hibernate API to access to the database. |
7676 | FALSE | [DEPRECATED] Avoid too many packages referencing Mainframe. |
7138 | FALSE | [DEPRECATED] Action Classes should only be called by Action Mappings tag (for Struts 1.x) or Action tag (for Struts 2.x). |
4696 | FALSE | [DEPRECATED] Avoid using 'System.err' and 'System.out' within a try catch block. |
2284 | FALSE | [DEPRECATED] Avoid large JSP Pages - too many Scriptlets. |
2236 | FALSE | [DEPRECATED] Avoid use of standard SQL API. |
2282 | FALSE | [DEPRECATED] Avoid large Include Files. |
4698 | FALSE | [DEPRECATED] Avoid using 'System.err' and 'System.out' outside a try catch block. |
4574 | FALSE | [DEPRECATED] Avoid using deprecated objects. |
2278 | FALSE | [DEPRECATED] Check the use of "foreach" custom tag library. |
2244 | FALSE | [DEPRECATED] Avoid undocumented Web Server Pages. |
2242 | FALSE | [DEPRECATED] Avoid direct definition of JavaScript Functions in a Web page (JEE). |
2248 | FALSE | [DEPRECATED] Avoid Web Server pages having a very low Comment/Code ratio. |
2280 | FALSE | [DEPRECATED] Avoid using Document.all collection. |
2264 | FALSE | [DEPRECATED] All page files should be in a specific directory. |
8104 | FALSE | Avoid missing release of SQL connection after an effective lifetime (JEE). Name, Description, Rationale and Reference changed. Threshold has been increased. |
7144 | FALSE | [DEPRECATED] Avoid using database objects from Struts Action Artifacts. |
7936 | FALSE | [DEPRECATED] Avoid using finalize(). |
7508 | FALSE | Getter of collection-typed persistent attributes should return the correct interface type. Name, Description and Reference changed. |
7150 | FALSE | [DEPRECATED] Avoid string interpolations to prevent SQL injections by using PreparedStatement or CallableStatement. |
7146 | FALSE | Always have JSP pages referencing Java Objects associated to JEE Scoped Bean. Name, Description and Reference changed. Sample and Remediation Sample have been added. |
4674 | FALSE | Public Methods must have appropriate JavaDoc @return tags. Name Changed. Reference, Sample, Remediation and Remediation Sample have been added. |
4618 | FALSE | Avoid instantiating a Boolean object. Name, Description and Rationale changed. Reference, Sample and Remediation Sample have been added. |
4716 | FALSE | Avoid Classes implementing too many Interfaces (JEE). Description changed. Rationale, Sample and Remediation Sample have been added. |
7134 | FALSE | Struts1: Avoid having Struts local forward with same name as Struts global forward. Name, Description and Output changed. Rationale, Sample, Remediation and Remediation Sample have been added. |
4704 | FALSE | Avoid using Vector. Description, Rationale and Remediation changed. Reference, Sample and Remediation Sample have been added. |
4670 | FALSE | Public Methods must have JavaDoc comments. Name, Description and Output changed. Reference, Sample, Remediation and Remediation Sample have been added. Scope changed. |
7640 | FALSE | Avoid using catch blocks with assertion. Name, Description and Rationale changed. Reference has been added. |
7648 | FALSE | Avoid an explicit call to finalize(). Name, Description, Rationale, Reference and Remediation changed. Scope changed. Weight Increased. |
7702 | FALSE | Hibernate-provided implementations from third parties should be used for connection pool. Name, Description, Rationale, Reference and Remediation changed. |
7700 | FALSE | Struts1: Only Struts HTTP Servlet should be used for Struts based application. Name, Description and Remediation changed. Remediation Sample added. |
7712 | FALSE | Avoid public/protected setter for the generated identifier field. Description and Remediation changed. |
7720 | FALSE | [DEPRECATED] Avoid too many EJB beans. |
7726 | FALSE | Avoid Struts Action Classes that call packages having direct access to database. Name, Description, Rationale and Output changed. Sample and Remediation Sample added. Scope changed. |
7942 | FALSE | Avoid EJBs using 'synchronized' qualifier, 'wait', 'notify' and 'notifyAll' Methods. Description and Rationale changed. Reference, Sample and Remediation Sample added. |
7964 | FALSE | Avoid directly instantiating a Class used as a managed bean. Description changed. Removed false violations and fixed missing violations. |
7954 | FALSE | Avoid indirect String concatenation inside loops. Description, Rationale, Reference, Sample and Remediation Sample changed. |
7506 | FALSE | equals() and hashCode() should be defined for Hibernate/JPA component. Name, Description and Rationale changed. Missing violation fixed. |
7190 | FALSE | Struts1: Validate() Method of Struts Validator form must call super.validate(). Name, Description, Rationale, Reference and Sample changed. Threshold value Increased. Changed to a Critical Rule since it impacts Security. |
7152 | FALSE | Avoid Fields in Servlet Classes that are not final static. Description, Rationale and Reference changed. Sample and Remediation Sample added. |
7252 | FALSE | Call 'super.finalize ()' in the "finally" block of 'finalize ()' methods. Description, Rationale and Reference improved. |
4706 | FALSE | Avoid using Hashtable. Description, Rationale and Remediation changed. Reference, Sample and Remediation Sample added. |
2266 | FALSE | [DEPRECATED] Avoid non standard file extensions (JEE) |
7220 | FALSE | [DEPRECATED] Avoid Unused Imports |
7188 | FALSE | [DEPRECATED] Private fields must have JavaDoc Comments |
2254 | FALSE | [DEPRECATED] Avoid large Page files (JEE) |
7142 | FALSE | [DEPRECATED] Action Classes should have only one public method |
2260 | FALSE | [DEPRECATED] All script files should be in a specific directory |
4668 | FALSE | [DEPRECATED] Classes and Interfaces must have JavaDoc @author tag |
4678 | FALSE | [DEPRECATED] Public Methods must have appropriate JavaDoc @exception tags |
4676 | FALSE | Public Methods must have appropriate JavaDoc @throws/@exception tags. Name, Description, Rationale and output changed. Reference, Sample, Remediation and Remediation Sample added. Missing violation fixed. |
4694 | FALSE | Avoid using 'System.gc' and 'Runtime.gc'. Name, Description, Rationale Improved. Reference, Sample, Remediation and Remediation Sample added. Threshold Value Increased and changed it to a critical rule. Missing violation fixed. |
4672 | FALSE | Public Methods must have appropriate JavaDoc @param tags. Name, Description, Rationale changed. Reference, Sample and Remediation Sample added. |
4718 | FALSE | Avoid having package without enough Classes/Interfaces. Remediation added. |
1022000 | FALSE | [DEPRECATED] Avoid weak encryption algorithm as DES and triple DES |
4666 | FALSE | Classes and Interfaces must have JavaDoc Comments. Description Changed. Reference, Sample, Remediation, Remediation Sample added. |
7708 | FALSE | Avoid using session.setFlushMode(FlushMode.COMMIT, FlushMode.NEVER or FlushMode.MANUAL). Rationale and Reference improved. Sample and Remediation Sample added. |
7240 | FALSE | [DEPRECATED] Struts Action Classes should only call Business Classes |
4596 | FALSE | Avoid using 'java.lang.System.getenv()'. Description Changed. Sample and Reference added. |
7682 | FALSE | Avoid having Hibernate domain model depending on other Java APIs. Name and Description Changed. Remediation Sample added. |
7734 | FALSE | Avoid using debug() method without calling isDebugEnabled() method. Name, Description, Reference, Sample, Remediation Sample and Scope Changed. |
7722 | FALSE | Avoid using persistent class's identifier in equals() method. Name, Description, Rationale, Reference, Remediation, Output and Scope Changed. Missing violation fixed. |
7638 | FALSE | Avoid directly managing the connection to the database by using DriverManager. Name, Description, Rationale, Reference, Sample, Remediation Sample, Remediation, Output and Scope changed. Threshold Increased. Changed it to a critical rule. |
7728 | FALSE | Avoid thread creation for application running on application server. Description, Reference, Grade Impact Changed. Threshold Increased. Changed it to a critical rule. |
7956 | FALSE | [DEPRECATED] Avoid indirect exception handling inside loops |
7206 | FALSE | Avoid the use of Instanceof inside loops. Name, Description, Rationale, Reference, Remediation Sample and Remediation Changed. Scope Changed. |
7562 | FALSE | Avoid static Field of type collection. Description, Rationale, Reference, Sample and Remediation Sample Changed. Removed False Violation. |
7256 | FALSE | Provide a private default Constructor for utility Classes. Name, Description, and Reference Changed. |
7496 | FALSE | Use table-per-subclass strategy when subclasses have many properties. Description, Rationale, Reference, Sample and Remediation Sample Changed. Missing violation fixed. |
4570 | FALSE | Avoid declaring Non Final Class Variables with Public, Protected or Package access type. Name, Description, and Rationale Changed. Reference, Sample and Remediation Sample added. Missing violation fixed. |
7730 | FALSE | Always use declarative transaction. Name, Description, Sample and Remediation Sample Changed. |
7196 | FALSE | Avoid large number of String concatenation (JEE). Description, Rationale, Reference and Sample Changed. |
2238 | FALSE | Avoid unreferenced JSP pages. Name, Description, Remediation, Output and Scope Changed. |
7148 | FALSE | [DEPRECATED] JSP pages should always be accessed through their tiles definition |
4744 | FALSE | [DEPRECATED] EJB Entity access through their local Interface |
2262 | FALSE | [DEPRECATED] All cascading style sheet files should be in specific directory |
8096 | FALSE | Avoid testing floating point numbers for equality. Description, Sample, Remediation Sample, Reference and Thresholds Changed. Changed to a Critical Rule. Missing violation fixed. |
8038 | FALSE | Struts 2: Avoid Struts Validator field without Form Field. Name, Description, Rationale and Scope Changed |
7710 | FALSE | Avoid non serializable Entity beans. Name, Description, Rationale, Sample, Remediation Sample and Reference Changed. |
7704 | FALSE | All static fields in the enterprise bean class should be declared as final. Name, Description, Rationale, Sample, Remediation Sample and Reference Changed. Incorrect bookmark fixed. |
7678 | FALSE | Avoid logging using basic java log files. Name, Description, Rationale, Remediation and Reference Changed. Missing violation fixed. |
7490 | FALSE | Avoid UPDATE trigger firing when not necessary. Description Improved. |
4700 | FALSE | [DEPRECATED] Avoid using 'Throwable.printStackTrace()' within a try catch block |
7444 | FALSE | Avoid Using Non-Serialized Beans with Session Scope. Name, Description, Rationale, Sample, Remediation Sample, Scope and Reference Changed. |
7500 | FALSE | Use table-per-class-hierarchy when subclasses have few properties. Description, Sample, Remediation Sample and Reference Changed. Missing violation fixed. |
7248 | FALSE | Avoid Packages with High Afferent Coupling (CA). Output and Scope Changed. Remediation and Reference Added. |
4702 | FALSE | Avoid using 'Throwable.printStackTrace()' with no argument. Description, Rationale and Reference Changed. Remediation Sample Added. |
4612 | FALSE | Avoid using native Methods (JNI). Description, Rationale, Reference, Scope and Configuration Changed. Sample and Remediation added. |
4600 | FALSE | Avoid using Exit and Halt Methods on a Web/Application Server. Name, Description, Rationale, Output and Configuration Changed. Sample, Remediation and Remediation Sample added. Changed it to a Critical Rule. Missing violation fixed. |
4746 | FALSE | [DEPRECATED] EJB Session access through their local Interface |
4576 | FALSE | [DEPRECATED] Provide accessors to Private Fields |
4598 | FALSE | Avoid using 'java.lang.Runtime.exec()'. Description, Rationale, Reference, Sample and Remediation added. Increased Threshold. Changed it to a Critical Rule. |
4604 | FALSE | Avoid using 'java.lang.Error'. Reference and Sample changed. Remediation, Remediation Sample added. Scope Changed. |
4708 | FALSE | Avoid using Dynamic Instantiation. Reference, Sample and Remediation Sample Added. |
4606 | FALSE | Avoid using 'sun.*' and 'com.sun.*' Classes. Name, Description, Reference and Output Changed. Remediation and Sample Added. |
7650 | FALSE | All types of a serializable Class must be serializable. Description, Rationale and Reference Changed. Scope Changed. |
7654 | FALSE | Avoid database tables associated to more than one Hibernate Entity. Description, Sample and Output Changed. Reference and Remediation Sample Added. Missing violation fixed. |
7716 | FALSE | Avoid defining singleton or factory classes when using Spring. Name, Description, Rationale, Reference, Sample, Remediation, Remediation Sample and Configuration Changed. |
7668 | FALSE | [DEPRECATED] Avoid using DOM parser for large or medium sized XML file parsing |
4578 | FALSE | Collection interfaces should be used as method return types instead of their implementation classes. Name and Configuration Changed. Reference, Sample and Remediation Sample Added. |
4580 | FALSE | Collection declarations should use interfaces instead of implementation classes. Name and Configuration Changed. Reference, Sample and Remediation Sample Added. |
7498 | FALSE | Avoid Incorrect implementation of getters and setters for Collection Type. Configuration Changed. Sample and Remediation Sample Added. |
7200 | FALSE | Avoid String concatenation in loops. False violation fixed. |
7492 | FALSE | Avoid Hibernate and JPA Entities using many-to-many association. Description Changed. |
7636 | FALSE | Prefer using version number instead of timestamp for Hibernate Entity. Sample and Remediation Sample Added. Made a non Critical rule. Scope of the rule extended to check annotation based Hibernate Entities. |
4602 | FALSE | Avoid using Fields (non static final) from other Classes. Sample and Remediation Sample Added. Weight Reduced. False violation in case where an inner class access a field from the base class of an outer class is fixed. |
8042 | FALSE | Struts 2: Avoid unused validation form. Name, Description, Remediation and Remediation Sample Improved. Scope Definition aligned with the rule. Added the Missing RelyOn Link to fix a False Violation. |
7724 | FALSE | Overridden equals() Methods in persistent Subclasses should only reference properties from the persistent base Class. Name and Description Improved. Missing Violations are fixed with correct bookmarks. |
7250 | FALSE | Avoid String initialization with String object (created using the 'new' keyword). Name Improved, Reference added. |
Performance Improvements
Summary |
---|
Performance issues related to Quality Rule "Avoid unused import in jsp file" are fixed. |
1.3.0-beta1
Note
This extension has been withdrawn.
Rules
Rule Id | New Rule | Details |
---|---|---|
4558 | FALSE | Avoid large Classes - too many Fields. Improved Rationale. |
4556 | FALSE | Avoid large Classes - too many Constructors (JEE). Improved Rationale. |
8218 | FALSE | [DEPRECATED] Content type should be checked when receiving a HTTP Post. |
2258 | FALSE | [DEPRECATED] All image files should be in a specific directory. |
4656 | FALSE | Avoid declaring an exception in the method signature and not throwing it. Name, Description, Remediation and Reference Improved. Scope Changed. |
4740 | FALSE | Field naming convention - case control. Rationale Improved. |
4738 | FALSE | Constant naming convention - case control (JEE). Rationale improved. Configuration changed. |
4736 | FALSE | Method naming convention - case control (JEE). Rationale improved. |
4732 | FALSE | Interface naming convention - case control. Rationale Improved. |
4730 | FALSE | Package naming convention - case control. Rationale Improved. |
4680 | FALSE | Public Fields must have JavaDoc Comments. Name, Description, Reference, Sample and Remediation Sample Improved. Scope changed. |
7238 | FALSE | Avoid calls between JSP Page for application using Struts framework. Improved rule name. |
8220 | FALSE | Avoid using deprecated method, constructor, field, type or package. Description, Reference, Sample and Remediation Sample Improved. Rule is updated to be a Non Critical Rule. |
8136 | FALSE | CDI Beans with normal scope must be proxyable to avoid runtime errors. Name updated to be precise with the rule. Scope and configuration changed. |
8100 | FALSE | Blocking synchronous calls should have associated timeouts. Description and Reference Improved. Added Sample, Remediation and Remediation Sample. Lowered the Threshold. Scope changed. |
8016 | FALSE | Avoid unrestricted access to EJB remote methods. Name, Description, Rationale, Reference, Sample, Remediation and Remediation Sample changed. False violations have been removed. |
8040 | FALSE | Struts 2: Avoid Action Fields without Validation. Name, Description and Reference changed. False violations have been removed. |
7634 | FALSE | Avoid Hibernate Entity with 'select-before-update' set to true if not associated to table that fires an UPDATE trigger. Name, Description and Reference changed. |
7202 | FALSE | Avoid using '==' and '!=' to compare objects. Name, Description, Rationale, Reference, Remediation and Remediation Sample Improved. Missing violation fixed. |
7732 | FALSE | Avoid non validated inputs in JSP files that use JSF. Documentation Change. Name, Description, Rationale and Reference Improved. Missing violation fixed. |
7910 | FALSE | Never exit a finally block with a return, break, continue, or throw statements. Name, Description, Sample and Remediation Sample Improved. |
7940 | FALSE | Avoid accumulating Stateful Beans. Name, Description, Rationale, Sample, Remediation and Remediation Sample Improved. Fixed false violations. |
7962 | FALSE | Avoid direct or indirect remote calls inside a loop. Description, Rationale, Reference, Sample and Remediation Sample Improved. |
7362 | FALSE | [DEPRECATED] Avoid Struts action mappings validator turned off. |
7382 | FALSE | Struts1: Avoid Struts Validator field without Form Field. Name, Description and Rationale Improved. |
7372 | FALSE | Struts 1: Enable Struts Validator plugin. Name and Description changed. Added Sample. |
7380 | FALSE | Struts 1: Avoid unused validation form. Name, Description and Rationale changed. Increased the Threshold. |
7488 | FALSE | Lazy fetching should be used for Hibernate collection. Name, Description, Rationale, Reference, Remediation, Sample and Remediation Sample changed. Missing violation fixed. |
7192 | FALSE | Avoid using Struts Form that cannot extend Validator Class. Name, Description, Reference, Sample and Remediation Sample changed. Threshold Increased. |
7254 | FALSE | Declare as Static all methods not using instance members. Name and Description changed. Added Reference. |
7416 | FALSE | Struts1: Avoid Action Form Field without Validator. Name, Description and Reference changed. |
7154 | FALSE | Struts1: Avoid Struts Fields in Action Classes that are not final static. Name, Description, Rationale and Reference changed. Scope changed. Incorrect Bookmark fixed. |
7494 | FALSE | Persistent class method's equals() and hashCode() must access its fields through getter methods. Name and Description changed. Missing violation fixed. |
7140 | FALSE | Struts Action artifacts should not directly call a JSP page. Name, Description and Rationale changed. Changed it to Non Critical Rule since it is just a programming practice. Missing violations have been fixed. |
7434 | FALSE | Ensure to override both equals() and hashCode(). Name, Description, Reference and Remediation changed. |
7440 | FALSE | Avoid having suspicious similar method names or signatures in an inheritance tree. Name, Description and Remediation changed. Scope changed. |
7438 | FALSE | Avoid non thread safe singleton. Description, Rationale, Reference, Remediation, Sample and Remediation Sample changed. False Violations removed. |
7502 | FALSE | Never use an array to map Hibernate collection. Name, Description and Rationale changed. Missing Violations fixed. |
7132 | FALSE | [DEPRECATED] Struts action Mappings should have few forwards. |
7136 | FALSE | [DEPRECATED] Each method in an Action Class should have a small complexity. |
7510 | FALSE | [DEPRECATED] Use only Hibernate API to access to the database. |
7676 | FALSE | [DEPRECATED] Avoid too many packages referencing Mainframe. |
7138 | FALSE | [DEPRECATED] Action Classes should only be called by Action Mappings tag (for Struts 1.x) or Action tag (for Struts 2.x). |
4696 | FALSE | [DEPRECATED] Avoid using 'System.err' and 'System.out' within a try catch block. |
2284 | FALSE | [DEPRECATED] Avoid large JSP Pages - too many Scriptlets. |
2236 | FALSE | [DEPRECATED] Avoid use of standard SQL API. |
2282 | FALSE | [DEPRECATED] Avoid large Include Files. |
4698 | FALSE | [DEPRECATED] Avoid using 'System.err' and 'System.out' outside a try catch block. |
4574 | FALSE | [DEPRECATED] Avoid using deprecated objects. |
2278 | FALSE | [DEPRECATED] Check the use of "foreach" custom tag library. |
2244 | FALSE | [DEPRECATED] Avoid undocumented Web Server Pages. |
2242 | FALSE | [DEPRECATED] Avoid direct definition of JavaScript Functions in a Web page (JEE). |
2248 | FALSE | [DEPRECATED] Avoid Web Server pages having a very low Comment/Code ratio. |
2280 | FALSE | [DEPRECATED] Avoid using Document.all collection. |
2264 | FALSE | [DEPRECATED] All page files should be in a specific directory. |
8104 | FALSE | Avoid missing release of SQL connection after an effective lifetime (JEE). Name, Description, Rationale and Reference changed. Threshold has been increased. |
7144 | FALSE | [DEPRECATED] Avoid using database objects from Struts Action Artifacts. |
7936 | FALSE | [DEPRECATED] Avoid using finalize(). |
7508 | FALSE | Getter of collection-typed persistent attributes should return the correct interface type. Name, Description and Reference changed. |
7150 | FALSE | [DEPRECATED] Avoid string interpolations to prevent SQL injections by using PreparedStatement or CallableStatement. |
7146 | FALSE | Always have JSP pages referencing Java Objects associated to JEE Scoped Bean. Name, Description and Reference changed. Sample and Remediation Sample have been added. |
4674 | FALSE | Public Methods must have appropriate JavaDoc @return tags. Name Changed. Reference, Sample, Remediation and Remediation Sample have been added. |
4618 | FALSE | Avoid instantiating a Boolean object. Name, Description and Rationale changed. Reference, Sample and Remediation Sample have been added. |
4716 | FALSE | Avoid Classes implementing too many Interfaces (JEE). Description changed. Rationale, Sample and Remediation Sample have been added. |
7134 | FALSE | Struts1: Avoid having Struts local forward with same name as Struts global forward. Name, Description and Output changed. Rationale, Sample, Remediation and Remediation Sample have been added. |
4704 | FALSE | Avoid using Vector. Description, Rationale and Remediation changed. Reference, Sample and Remediation Sample have been added. |
4670 | FALSE | Public Methods must have JavaDoc comments. Name, Description and Output changed. Reference, Sample, Remediation and Remediation Sample have been added. Scope changed. |
7640 | FALSE | Avoid using catch blocks with assertion. Name, Description and Rationale changed. Reference has been added. |
7648 | FALSE | Avoid an explicit call to finalize(). Name, Description, Rationale, Reference and Remediation changed. Scope changed. Weight Increased. |
7702 | FALSE | Hibernate-provided implementations from third parties should be used for connection pool. Name, Description, Rationale, Reference and Remediation changed. |
7700 | FALSE | Struts1: Only Struts HTTP Servlet should be used for Struts based application. Name, Description and Remediation changed. Remediation Sample added. |
7712 | FALSE | Avoid public/protected setter for the generated identifier field. Description and Remediation changed. |
7720 | FALSE | [DEPRECATED] Avoid too many EJB beans. |
7726 | FALSE | Avoid Struts Action Classes that call packages having direct access to database. Name, Description, Rationale and Output changed. Sample and Remediation Sample added. Scope changed. |
7942 | FALSE | Avoid EJBs using 'synchronized' qualifier, 'wait', 'notify' and 'notifyAll' Methods. Description and Rationale changed. Reference, Sample and Remediation Sample added. |
7964 | FALSE | Avoid directly instantiating a Class used as a managed bean. Description changed. Removed false violations and fixed missing violations. |
7954 | FALSE | Avoid indirect String concatenation inside loops. Description, Rationale, Reference, Sample and Remediation Sample changed. |
7506 | FALSE | equals() and hashCode() should be defined for Hibernate/JPA component. Name, Description and Rationale changed. Missing violation fixed. |
7190 | FALSE | Struts1: Validate() Method of Struts Validator form must call super.validate(). Name, Description, Rationale, Reference and Sample changed. Threshold value Increased. Changed to a Critical Rule since it impacts Security. |
7152 | FALSE | Avoid Fields in Servlet Classes that are not final static. Description, Rationale and Reference changed. Sample and Remediation Sample added. |
7252 | FALSE | Call 'super.finalize ()' in the "finally" block of 'finalize ()' methods. Description, Rationale and Reference improved. |
4706 | FALSE | Avoid using Hashtable. Description, Rationale and Remediation changed. Reference, Sample and Remediation Sample added. |
2266 | FALSE | [DEPRECATED] Avoid non standard file extensions (JEE) |
7220 | FALSE | [DEPRECATED] Avoid Unused Imports |
7188 | FALSE | [DEPRECATED] Private fields must have JavaDoc Comments |
2254 | FALSE | [DEPRECATED] Avoid large Page files (JEE) |
7142 | FALSE | [DEPRECATED] Action Classes should have only one public method |
2260 | FALSE | [DEPRECATED] All script files should be in a specific directory |
4668 | FALSE | [DEPRECATED] Classes and Interfaces must have JavaDoc @author tag |
4678 | FALSE | [DEPRECATED] Public Methods must have appropriate JavaDoc @exception tags |
4676 | FALSE | Public Methods must have appropriate JavaDoc @throws/@exception tags. Name, Description, Rationale and output changed. Reference, Sample, Remediation and Remediation Sample added. Missing violation fixed. |
4694 | FALSE | Avoid using 'System.gc' and 'Runtime.gc'. Name, Description, Rationale Improved. Reference, Sample, Remediation and Remediation Sample added. Threshold Value Increased and changed it to a critical rule. Missing violation fixed. |
4672 | FALSE | Public Methods must have appropriate JavaDoc @param tags. Name, Description, Rationale changed. Reference, Sample and Remediation Sample added. |
4718 | FALSE | Avoid having package without enough Classes/Interfaces. Remediation added. |
1022000 | FALSE | [DEPRECATED] Avoid weak encryption algorithm as DES and triple DES |
4666 | FALSE | Classes and Interfaces must have JavaDoc Comments. Description Changed. Reference, Sample, Remediation, Remediation Sample added. |
7708 | FALSE | Avoid using session.setFlushMode(FlushMode.COMMIT, FlushMode.NEVER or FlushMode.MANUAL). Rationale and Reference improved. Sample and Remediation Sample added. |
7240 | FALSE | [DEPRECATED] Struts Action Classes should only call Business Classes |
4596 | FALSE | Avoid using 'java.lang.System.getenv()'. Description Changed. Sample and Reference added. |
7682 | FALSE | Avoid having Hibernate domain model depending on other Java APIs. Name and Description Changed. Remediation Sample added. |
7734 | FALSE | Avoid using debug() method without calling isDebugEnabled() method. Name, Description, Reference, Sample, Remediation Sample and Scope Changed. |
7722 | FALSE | Avoid using persistent class's identifier in equals() method. Name, Description, Rationale, Reference, Remediation, Output and Scope Changed. Missing violation fixed. |
7638 | FALSE | Avoid directly managing the connection to the database by using DriverManager. Name, Description, Rationale, Reference, Sample, Remediation Sample, Remediation, Output and Scope changed. Threshold Increased. Changed it to a critical rule. |
7728 | FALSE | Avoid thread creation for application running on application server. Description, Reference, Grade Impact Changed. Threshold Increased. Changed it to a critical rule. |
7956 | FALSE | [DEPRECATED] Avoid indirect exception handling inside loops |
7206 | FALSE | Avoid the use of Instanceof inside loops. Name, Description, Rationale, Reference, Remediation Sample and Remediation Changed. Scope Changed. |
7562 | FALSE | Avoid static Field of type collection. Description, Rationale, Reference, Sample and Remediation Sample Changed. Removed False Violation. |
7256 | FALSE | Provide a private default Constructor for utility Classes. Name, Description, and Reference Changed. |
7496 | FALSE | Use table-per-subclass strategy when subclasses have many properties. Description, Rationale, Reference, Sample and Remediation Sample Changed. Missing violation fixed. |
4570 | FALSE | Avoid declaring Non Final Class Variables with Public, Protected or Package access type. Name, Description, and Rationale Changed. Reference, Sample and Remediation Sample added. Missing violation fixed. |
7730 | FALSE | Always use declarative transaction. Name, Description, Sample and Remediation Sample Changed. |
7196 | FALSE | Avoid large number of String concatenation (JEE). Description, Rationale, Reference and Sample Changed. |
2238 | FALSE | Avoid unreferenced JSP pages. Name, Description, Remediation, Output and Scope Changed. |
7148 | FALSE | [DEPRECATED] JSP pages should always be accessed through their tiles definition |
4744 | FALSE | [DEPRECATED] EJB Entity access through their local Interface |
2262 | FALSE | [DEPRECATED] All cascading style sheet files should be in specific directory |
8096 | FALSE | Avoid testing floating point numbers for equality. Description, Sample, Remediation Sample, Reference and Thresholds Changed. Changed to a Critical Rule. Missing violation fixed. |
8038 | FALSE | Struts 2: Avoid Struts Validator field without Form Field. Name, Description, Rationale and Scope Changed |
7710 | FALSE | Avoid non serializable Entity beans. Name, Description, Rationale, Sample, Remediation Sample and Reference Changed. |
7704 | FALSE | All static fields in the enterprise bean class should be declared as final. Name, Description, Rationale, Sample, Remediation Sample and Reference Changed. Incorrect bookmark fixed. |
7678 | FALSE | Avoid logging using basic java log files. Name, Description, Rationale, Remediation and Reference Changed. Missing violation fixed. |
7490 | FALSE | Avoid UPDATE trigger firing when not necessary. Description Improved. |
4700 | FALSE | [DEPRECATED] Avoid using 'Throwable.printStackTrace()' within a try catch block |
7444 | FALSE | Avoid Using Non-Serialized Beans with Session Scope. Name, Description, Rationale, Sample, Remediation Sample, Scope and Reference Changed. |
7500 | FALSE | Use table-per-class-hierarchy when subclasses have few properties. Description, Sample, Remediation Sample and Reference Changed. Missing violation fixed. |
7248 | FALSE | Avoid Packages with High Afferent Coupling (CA). Output and Scope Changed. Remediation and Reference Added. |
4702 | FALSE | Avoid using 'Throwable.printStackTrace()' with no argument. Description, Rationale and Reference Changed. Remediation Sample Added. |
4612 | FALSE | Avoid using native Methods (JNI). Description, Rationale, Reference, Scope and Configuration Changed. Sample and Remediation added. |
4600 | FALSE | Avoid using Exit and Halt Methods on a Web/Application Server. Name, Description, Rationale, Output and Configuration Changed. Sample, Remediation and Remediation Sample added. Changed it to a Critical Rule. Missing violation fixed |
4746 | FALSE | [DEPRECATED] EJB Session access through their local Interface |
4576 | FALSE | [DEPRECATED] Provide accessors to Private Fields |
4598 | FALSE | Avoid using 'java.lang.Runtime.exec()'. Description, Rationale, Reference, Sample and Remediation added. Increased Threshold. Changed it to a Critical Rule. |
4604 | FALSE | Avoid using 'java.lang.Error'. Reference and Sample changed. Remediation, Remediation Sample added. Scope Changed. |
4708 | FALSE | Avoid using Dynamic Instantiation. Reference, Sample and Remediation Sample Added. |
4606 | FALSE | Avoid using 'sun.*' and 'com.sun.*' Classes. Name, Description, Reference and Output Changed. Remediation and Sample Added. |
7650 | FALSE | All types of a serializable Class must be serializable. Description, Rationale and Reference Changed. Scope Changed. |
7654 | FALSE | Avoid database tables associated to more than one Hibernate Entity. Description, Sample and Output Changed. Reference and Remediation Sample Added. Missing violation fixed. |
7716 | FALSE | Avoid defining singleton or factory classes when using Spring. Name, Description, Rationale, Reference, Sample, Remediation, Remediation Sample and Configuration Changed. |
7668 | FALSE | [DEPRECATED] Avoid using DOM parser for large or medium sized XML file parsing |
4578 | FALSE | Collection interfaces should be used as method return types instead of their implementation classes. Name and Configuration Changed. Reference, Sample and Remediation Sample Added. |
4580 | FALSE | Collection declarations should use interfaces instead of implementation classes. Name and Configuration Changed. Reference, Sample and Remediation Sample Added. |
7498 | FALSE | Avoid Incorrect implementation of getters and setters for Collection Type. Configuration Changed. Sample and Remediation Sample Added. |
7200 | FALSE | Avoid String concatenation in loops. False violation fixed. |
7492 | FALSE | Avoid Hibernate and JPA Entities using many-to-many association. Description Changed |
4614 | FALSE | [DEPRECATED] Proper overriding of 'clone'() |
Performance Improvements
Summary |
---|
Performance issues related to Quality Rule "Avoid unused import in jsp file" are fixed. |