JEE Rules -1.1 - Release Notes

On this page:

1.1.0-funcrel

Customer Ticket Id	Details
16584	Permanent Fix - Extension com.castsoftware.jeerules has encountered an issue - version 1.1.0 beta1
16586	Permanent Fix - Analysis warning: Extension com.castsoftware.jeerules has encountered an issue

Rule Id	New Rule	Details
1039042	FALSE	[DEACTIVATED] Ensure to use "Optional.isPresent" before invoking "Optional.get" to access value no more available
1039032	FALSE	Removed False Positive on Avoid using DocumentBuilder without restriction of XML External Entity Reference (XXE)
1039010	FALSE	Modified the quality rule 'Avoid using risky cryptographic hash (JEE)' to check input ''MD5/SHA1 from .properties files. There is no impact on rule results.

Details
Stability improvements
Internal error fixed
Scope of rules have been provided

Details
Provided missing rule configurations and fields

Rule Id	New Rule	Details
1039050	TRUE	Add @Override on methods overriding or implementing a method declared in a super type

Rule Id	New Rule	Details
1039048	TRUE	Always prefer set Array designators "[]" on the type and not at variable
1039046	TRUE	Always use {@code} to wrap code statements or values such as null
1039044	TRUE	Avoid usage of BannedAPI when using ESAPI library
1039042	TRUE	"Optional.isPresent" should be used before invoking "Optional.get" to access value
1039040	TRUE	Avoid using XMLStreamReader without restriction of XML External Entity Reference (XXE)

Rule Id	New Rule	Details
1039038	TRUE	Avoid using XPathFactory without restriction of XML External Entity Reference (XXE)
1039036	TRUE	Avoid using XMLReader without restriction of XML External Entity Reference (XXE)
1039034	TRUE	Avoid using SAXParserFactory without restriction of XML External Entity Reference (XXE)
1039032	TRUE	Avoid using DocumentBuilder without restriction of XML External Entity Reference (XXE)
1039030	TRUE	Avoid using DefaultHttpClient constructor
1039028	TRUE	CWE-327: Avoid weak encryption providing not sufficient key size (JEE)