Release Notes - 1.3

1.3.19-funcrel

Resolved Issues

Customer Ticket Id Details
48395 Fixes an issue with multiple Instantiated Methods. As a result after installing and using this release, the number of Type Parameter objects may increase while the number of Instantiated Method objects may decrease. The bookmarks of existing links may also be updated.
Callee Type Caller Type Details
Java Method Java Instantiated Method As a result of a bug fix, a reduction in the number of links from Java Methods to Java Instantiated Methods may be observed.

Other Updates

Details
A technical update to adapt JEE Quality Rules for Jakarta 9+.

Rules

Rule Id New Rule Details
7152 FALSE The Total and Detail procedures of the rule "Avoid Fields in Servlet Classes that are not final static" (7152) have been updated to consider Jakarta Servlets.
7492 FALSE The rule "Avoid Hibernate and JPA Entities using many-to-many association." (7492) has been updated to consider Jakarta Persistence annotations. Rule Description, Sample, Remediation Sample and Output have also been updated.
7496 FALSE Rule "Use table-per-subclass strategy when subclasses have many properties" (7496) has been updated to support Jakarta Persistence annotations.
7500 FALSE Rule "Use table-per-class-hierarchy when subclasses have few properties" (7500) has been updated to support Jakarta Persistence annotations.
7502 FALSE Rule "Never use an array to map Hibernate collection" (7502) was updated to support Jakarta Persistence. Missing violations with JPA annotations were fixed.
7504 FALSE Rule "Persistent classes should Implement hashCode() and equals()" (7504) has been updated to support Jakarta Persistence.
7506 FALSE Rule "equals() and hashCode() should be defined for Hibernate/JPA component" (7506) was updated to support Jakarta Persistence.
7636 FALSE Rule "Prefer using version number instead of timestamp for Hibernate Entity" (7636) has been updated to support Jakarta Persistence.
7654 FALSE Rule "Avoid database tables associated to more than one Hibernate Entity" (7654) has been updated to support Jakarta Persistence.
7700 FALSE The Total and Detail procedures of the rule "Struts1: Only Struts HTTP Servlet should be used for Struts based application" (7700) have been updated to support Jakarta Servlets.
7706 FALSE Rule "Avoid table and column names that are too long (portability)" (7706) has been updated to support Jakarta Persistence.
7722 FALSE Rule "Avoid using persistent class's identifier in equals() method" (7722) has been updated to consider Jakarta Persistence.
7730 FALSE Rule "Always use declarative transaction" (7730) has been updated to additionally consider relevant annotations from Jakarta EJB, Persistence & Transactions.
8100 FALSE Rule "Blocking synchronous calls should have associated timeouts" (8100) has been updated to consider Jakarta Messaging.
8104 FALSE Rule "Avoid missing release of SQL connection after an effective lifetime (JEE)" (8104) has been updated to consider Jakarta Persistence.
8214 FALSE Rule "Avoid operating on resource after expiration or release" (8214) has been updated to consider Jakarta Persistence.

New Support

Summary Details
Quality Rules updated to support Jakarta 9+ This release updates existing Quality Rules so that they are able to detect violations in code that uses Jakarta 9+. See the Rules section above for individual rule details.

1.3.18-funcrel

Resolved Issues

Customer Ticket Id Details
47645 Fixes an "Exception: EXCEPTION_ACCESS_VIOLATION" during the analysis.
47770 Fixes an "Exception: EXCEPTION_ACCESS_VIOLATION" during the analysis.
45680 Fixes a spelling error in the Rationale section of the rule "Avoid using deprecated method, constructor, field, type or package" (8220).

Other Updates

Details
Removes duplicate Entry/End Points found in .TCCSetup configuration files.
Adapt the JSF environment profile to Jakarta EE 9+.
Adapt the CDI environment profile to Jakarta EE 9+.
Adapt the JEE Servlet environment profile to Jakarta EE 9+.
Fixes an issue causing "JAVA044: Syntax not recognized" errors in the analysis log when analyzing JSP files.

Rules

Rule Id New Rule Details
4600 FALSE Improves the implementation of the rule "Avoid using Exit and Halt Methods on a Web/Application Server" (4600) to reduce the number of false positives.
8220 FALSE Fixes a spelling error in the Rationale section of the rule "Avoid using deprecated method, constructor, field, type or package" (8220).

New Support

Summary Details
JEE Environment Profile has been upgraded to support Jakarta Server Faces Adds 3 parametrization rules and 7 annotations
JEE Environment Profile has been upgraded to support Jakarta Contexts and Dependency Injection Adds 2 parametrization rules and 4 annotations
JEE Environment Profile has been upgraded to support Jakarta Servlet Adds 8 parametrization rules and 9 annotations

Transaction Improvements

Type Framework
The entry/end points configuration to compute Automated Function Points has now been moved to its own extension, see: com.castsoftware.java.config.tcc. This will facilitate updates when we need to modify entry/end points quickly. All supported frameworks.

1.3.17-funcrel

Note

This release is identical to 1.3.16-funcrel but does include some additional fixes to correct an "EXCEPTION_ACCESS_VIOLATION" error introduced in 1.3.16-funcrel.

Resolved Issues

Customer Ticket Id Details
46245 Fixing an access violation: 'All java files are not analyzed due to Exception: EXCEPTION_ACCESS_VIOLATION'.
46007 Fixing performance issue: 'JEE analysis is stuck at resolving dynamic link stage'.
46083 Fixing performance issue: 'JEE analysis is stuck at resolving dynamic link stage '.
40298 Fixes missing accessExecLinks(Ae) from Java Method objects to Java Lambda Expression objects.
44412 Fixes an access violation caused by an unknown Type Argument.
Callee Type Caller Type Details
Java Lambda Expression Java Method Added missing accessExecLink(Ae) from Java Methods to Lambda Expressions.

Other Updates

Details
Fixing an access violation: 'JEE technology dropped from snapshot computed after JEE 1.3.16-funcrel upgrade'.
Fixing performance issue: 'JEE Analysis stalled after step "JAVA307: Finished Resolving parametrization links…"'.
Fixes an access violation caused by an unknown Type Argument.

Rules

Rule Id New Rule Details
4600 FALSE Fixes false positives for rule 4600: "Avoid using Exit and Halt Methods on a Web/Application Server".
7494 FALSE Fixes incorrect set of objects being considered in the scope of rule 7494: "Persistent class method's equals() and hashCode() must access its fields through getter methods." The previous scope contained objects that are not in the scope of the rule.
7722 FALSE Fixes incorrect set of objects being considered in the scope of rule 7722: "Avoid using persistent class's identifier in equals() method". The previous scope contained objects that are not in the scope of the rule.

Performance Improvements

Summary
Avoid duplicate AccessExecLink for the same caller/callee.

1.3.16-funcrel

Note

This release is identical to 1.3.15-funcrel but does include some additional fixes to correct a performance issue introduced in 1.3.15-funcrel.

Resolved Issues

Customer Ticket Id Details
46007 Fixing performance issue: 'JEE analysis is stuck at resolving dynamic link stage'
46083 Fixing performance issue: 'JEE analysis is stuck at resolving dynamic link stage '
40298 Fixes missing accessExecLinks(Ae) from Java Method objects to Java Lambda Expression objects.
44412 Fixes an access violation caused by an unknown Type Argument.
Callee Type Caller Type Details
Java Lambda Expression Java Method Added missing accessExecLink(Ae) from Java Methods to Lambda Expressions.

Other Updates

Details
Fixing performance issue: 'JEE Analysis stalled after step "JAVA307: Finished Resolving parametrization links…"'
Fixes an access violation caused by an unknown Type Argument.

Rules

Rule Id New Rule Details
4600 FALSE Fixes false positives for rule 4600 "Avoid using Exit and Halt Methods on a Web/Application Server".
7494 FALSE Fixes incorrect set of objects being considered in the scope of rule 7494 "Persistent class method's equals() and hashCode() must access its fields through getter methods." The previous scope contained objects that are not in the scope of the rule.
7722 FALSE Fixes incorrect set of objects being considered in the scope of rule 7722 "Avoid using persistent class's identifier in equals() method". The previous scope contained objects that are not in the scope of the rule.

Performance Improvements

Summary
Avoid duplicate AccessExecLink for the same caller/callee

1.3.15-funcrel

Resolved Issues

Customer Ticket Id Details
40298 Fixes missing accessExecLinks(Ae) from Java Method objects to Java Lambda Expression objects.
44412 Fixes an access violation caused by an unknown Type Argument.
Callee Type Caller Type Details
Java Lambda Expression Java Method Added missing accessExecLink(Ae) from Java Methods to Lambda Expressions.

Other Updates

Details
Fixes an access violation caused by an unknown Type Argument.

Rules

Rule Id New Rule Details
4600 FALSE Fixes false positives for rule 4600 "Avoid using Exit and Halt Methods on a Web/Application Server"
7494 FALSE Fixes incorrect set of objects being considered in the scope of rule 7494 "Persistent class method's equals() and hashCode() must access its fields through getter methods." The previous scope contained objects that are not in the scope of the rule.
7722 FALSE Fixes incorrect set of objects being considered in the scope of rule 7722 "Avoid using persistent class's identifier in equals() method". The previous scope contained objects that are not in the scope of the rule.

1.3.14-funcrel

Resolved Issues

Customer Ticket Id Details
44210 Fixes missing links in chained method calls involving implicit Lombok Getter objects and Java Methods. We now create Getter objects for methods and classes containing Lombok annotations.
44425 Fixes a missing link between Java Methods due to a bug in the type resolution of a method argument. This fix builds upon the earlier fix to Lombok Getter generation also present in this release.
44299 Fixes missing links to Java method references and also improves their processing.
43411 Fixes an access violation seen during the resolve declarations phase for two Java files.
44636 Fixes the cause of a warning "JAVA090 Class 'x.y.z.className' not found in file as expected under classpath".
33826 Fixes false violations for the rule 7502 "Never use an array to map Hibernate collection".
42737 Fixes false violations for the rule 7502 "Never use an array to map Hibernate collection".
44970 Upgrades the Struts 2.5 Environment Profile jars to the latest version.
43518 Fixes a syntax warning due to a Unicode "\u0000" used as a default value during Jar processing.
Callee Type Caller Type Details
Implicitly Generated Java Method Java Method New links will be created from Java Methods to implicitly generated Java Methods from Lombok.
Java Method Java Method The new links to Lombok methods further improves resolution of chained method calls. Another fix improved the type resolution of method arguments involving Lombok Getters resulting in some new links.
Java Method Reference Java Method Added some missing links from Java Methods to Java Method References.

Other Updates

Details
Adds unit testing to check that the Lombok annotation @SuperBuilder is already supported.
Found the cause of missing link to a static Java Method.
Confirms the reason for a missing link to a Java Method of a Class present in a Jar file.
Fixes a syntax warning due to a Unicode "\u0000" used as a default value during Jar processing
Fixes improperly instantiated generic methods when Type Arguments have the same class names but are from different packages.
Fixes the cause of a random JAVA044 syntax warning while processing an empty character value from a Jar.

Rules

Rule Id New Rule Details
7502 FALSE Rule 7502 "Never use an array to map Hibernate collection" is moved to JEE and implemented as a scope and property based rule.

1.3.13-funcrel

Resolved Issues

Customer Ticket Id Details
42117 Fixes false positives for the rule (8108): "Avoid missing release of stream connection after an effective lifetime".
42470 Fixes an issue causing the JEE analyzer to crash with the message: "warning 'Unknown Exception'" during the "Resolving parametrization links" step.
42535 Fixes false positives for the rule (8216): "Avoid using incompatible mutation".
30703 Fixes an issue causing the warnings "Exception durring resolution of a target of method :in position line/col:0/0" and "Error in inference engine". during the "JAVA305: Computing dynamic links…" step.
42470 Fixes an issue causing the warning "Job execution Log the exception information: Unknown Exception…" during the "JAVA307: Resolving parametrization links…" step.
39615 The rule name and documentation for rule 7150 has been updated: 1) the rule name has been reverted to "Favor PreparedStatement or CallableStatement over Statement" (from "Avoid string interpolations to prevent SQL injections by using PreparedStatement or CallableStatement") and 2) rule description text has been changed to remove the use of the word ""string interpolation".

Other Updates

Details
Fixed a regression in performance with 1.3.4-funcrel and added better exception management.

Rules

Rule Id New Rule Details
8108 FALSE Fixed false positives for rule 8108: "Avoid missing release of stream connection after an effective lifetime".
8216 FALSE Fixed false positives for rule 8216: "Avoid using incompatible mutation". The rule Rationale, References and Remediation were also updated.
7150 FALSE Name of the rule 7150 has been reverted to "Favor PreparedStatement or CallableStatement over Statement" from "Avoid string interpolations to prevent SQL injections by using PreparedStatement or CallableStatement".
7654 FALSE The performance of the computation for the rule 7654: "Avoid database tables associated to more than one Hibernate Entity" has been improved.
7506 FALSE The performance of the computation for the rule 7506: "equals() and hashCode() should be defined for Hibernate/JPA component" has been improved.
7730 FALSE The performance of the computation for the rule 7730: "Always use declarative transaction" has been improved.

Performance Improvements

Summary
Improved performance of code that looks up symbol matches.
Improved performance for the following rules that process XML configuration files: 7506, 7654 and 7730.
Improved performance of the GUID saver step.

1.3.12-funcrel

Resolved Issues

Customer Ticket Id Details
32929 Fixes a resolution issue while processing classes with filenames containing UTF-8 characters.

Other Updates

Details
Fixes syntax warnings due to lack of support of Maps from JavaEE's Expression Language.
This change supports an updated behaviour for links from Java to SQL in new Python extensions. Extensions can now choose to disable links normally created by grep or the Inference Engine.

Performance Improvements

Summary
Improved the performance of an SQL procedure "DIAG_CHILDHOOD_PERSISTENT" used for the computation of Quality Rule violations.

1.3.11-funcrel

Resolved Issues

Customer Ticket Id Details
38165 Fixed false positives for the rule (8104): "Avoid missing release of SQL connection after an effective lifetime (JEE)".
32928 Fixed the incorrect resolution of generic methods type. Links will now be updated/resolved to correct symbols.
32600 Fixed false violations for rule (7446): "Avoid double checked locking for JSE 4.x and previous version".
28903 Documentation updated for rule (7964): "Avoid directly instantiating a Class used as a managed bean".
40343 Fixed a crash issue which occured due to apostrophes used in a project name.
37751 Fixed false violations for rule (8104): "Avoid missing release of SQL connection after an effective lifetime (JEE)"
40894 Fixed an analysis crash issue with an unknown exception, which occured during GUID computation.
40780 Fixed an access violation seen while processing an XML configuration file.
39753 Fixed false positives for the rule (8108): "Avoid missing release of stream connection after an effective lifetime".
40777 Fixed false positives for the rule (8104): "Avoid missing release of SQL connection after an effective lifetime (JEE)"
33674 Fixed false positives for the rule (8104): "Avoid missing release of SQL connection after an effective lifetime (JEE)"
38101 Fixed Spring Batch Job objects being invalidly created in JEE
33238 Fixed the cause of syntax warnings for some methods called 'record', and some cases of nested type arguments.
40976 Fixed an access violation seen while processing an XML configuration file.
Callee Type Caller Type Details
Generic Method Type Generic Method Type of generic methods are being resolved.

Other Updates

Details
Rule 7192 is moved to JEE and implemented as a scope and property based rule.
Fixed an unknown exception observed in JEE due to a usage of Java Type Parameter.
Fixed Java analysis warnings seen in the Metric Assistant log.
Fixed Java analysis warnings seen in the Metric Assistant log.
Rule 4612 is moved to the JEE Analyzer.
Rule 4600 is moved to JEE and implemented as a scope and property based rule.
Added support for variable access in try-with-resource.

Rules

Rule Id New Rule Details
7446 FALSE False violations for rule "Avoid double checked locking for JSE 4.x and previous version" are fixed. The documentation under remediation, remediation samples & references have also been updated.
7192 FALSE Rule 7192 "Avoid using Struts Form that cannot extend Validator Class" are moved to JEE and implemented as a scope and property based rule.
7964 FALSE Updated the documentation with correct scope.
8104 FALSE Removed false violations for the rule "Avoid missing release of SQL connection after an effective lifetime (JEE)".
8108 FALSE Removed false violations for the rule "Avoid missing release of stream connection after an effective lifetime"
4612 FALSE Rule 4612 "Avoid using native Methods (JNI)" are moved to the JEE Analyzer.
4600 FALSE Rule 4600 "Avoid using Exit and Halt Methods on a Web/Application Server" are moved to JEE and implemented as a scope and property based rule.

1.3.10-funcrel

Note

The snapshot fails using the version 1.3.9-funcrel due to a SQL error in the scope of the rule: 'Hibernate-provided implementations from third parties should be used for connection pool'

Resolved Issues

Customer Ticket Id Details
37255 Fixed unresolved type.
38216 Fixes an issue where syntax is not recognized while passing resources to a try block.
39797 Fixes an issue causing a snapshot to fail with the error: missing FROM-clause entry for table "odd".
38346 Fixed an access violation seen in some cases of Switch Statements or Expressions.
37371 Fixed an access violation seen in some cases of Switch Statements or Expressions.
39033 Fixed an exception seen while parsing some Annotation parameters.
38594 Fixed an exception encountered while processing some "Type Arguments" in Lambda Expressions.
38434 Fixed an exception encountered while processing some "Type Arguments" in Lambda Expressions.
38175 Fixed the incomplete resolution of Lambda parameters. New links would now be created for these resolved symbols.
33723 Fixed a false positive for the rule (8108): "Avoid missing release of stream connection after an effective lifetime".
35133 Fixed false positives for the rule (8104): "Avoid missing release of SQL connection after an effective lifetime (JEE)".
35134 Fixed an issue that caused a missing violation for the rule (8108): "Avoid missing release of stream connection after an effective lifetime".
37019 Fixed false violations for the rule (7728): "Avoid thread creation for application running on application server" that were seen in a Spring Boot application (non-EJB).
38584 Fixed a false violation on rule 8214: "Avoid operating on resource after expiration or release".
Callee Type Caller Type Details
Java Parameter Java Lambda Expression New links from Lambdas to previously unresolved types may be observed

Other Updates

Details
Internal procedures used in quality rules have been updated to follow ANSI notation.
Fixed an exception seen while computing a snapshot for the rule (7702): "Hibernate-provided implementations from third parties should be used for connection pool".
Fixed multiple exceptions seen while analyzing a CAST application.
Fixed multiple exceptions seen while analyzing an external application.
Fixed duplicated internal set definitions used for quality rule scopes.
Fixed an internal procedure that was using a cartesian product.

Rules

Rule Id New Rule Details
7442 FALSE Rule name has been updated to "Avoid to use keyword 'this' within Constructor in multi-thread environment".
7728 FALSE Fixed false violations for the rule "Avoid thread creation for application running on application server", caused by the presence of Servlets without EJBs. The documentation on the rule output and total population have also been updated.
8108 FALSE Fixed cases of false positives and a missing violation for the rule: "Avoid missing release of stream connection after an effective lifetime".
8104 FALSE Fixed false positives for the rule: "Avoid missing release of SQL connection after an effective lifetime (JEE)". The scope of the rule has been corrected. The previous scope included all methods when in fact it should have been only methods that open database resources.
8214 FALSE The scope of the rule "Avoid operating on resource after expiration or release" has been corrected. The previous scope included all methods when in fact it should have been only methods that access either database or stream resources.

1.3.9-funcrel

Note

This extension has been withdrawn. All fixes and updates are present in 1.3.10-funcrel.

1.3.8-funcrel

Resolved Issues

Customer Ticket Id Details
36886 Enabled a warning indicating syntax errors in JSP files.
37115 Enabled a warning indicating syntax errors in JSP files.
37273 Fixed some missing accessExec links to implementation classes when an exact match is found.
36326 Fixed an issue with exception handling with plugins that caused the Java analysis to fail.
37448 Fixed a missing call to method Lambda
32587 Fixed the missing link from JPA Entity to referenced table.
33682 Fixed a false positive for the rule (7442): "Avoid to use this within Constructor in multi-thread environment". False positives were found while using the keyword "this" in a Method Reference.
Callee Type Caller Type Details
Table JPA Entity Fixed missing links in the case that annotation @Table is not used.
Java Method Java Method or Generic Method Added some missing accessExec links from callee Java methods to called Java methods in implementation classes.
Java Class Java Lambda Expression Fixed some incorrect relyOn links.
Java Method Java Lambda Expression Fixed some missing accessExec links.

Other Updates

Details
An improvement has been implemented to ensure that method signatures are normalized (removing whitespace) correctly throughout the entire analyzer.
Fixed the false links from Java Lambda Expression.
Fixed a syntax error being seen for casting with additional bounds.
Fixed exceptions seen with inferred types of some Lambda parameters.

Rules

Rule Id New Rule Details
7442 FALSE Fixed a false positive for the rule: "Avoid to use this within Constructor in multi-thread environment". False positives were found while using the keyword "this" in a Method Reference.

New Support

Summary Details
Add support for Java 16, 17 and 18 This release of JEE supports analysis of Java 16, 17 and 18 sources. Standardized features such as Records, Pattern matching and Sealed Classes are supported.

1.3.7-funcrel

Note

This release also includes the latest bug fixes from JEE's LTS release

Resolved Issues

Customer Ticket Id Details
35679 Fixed an exception that prevented saving of analysis results
36060 Fixed an exception that prevented saving of analysis results
32789 Fixed an exception that prevented saving of analysis results
36132 Documentation updated for the rule (7254): "Declare as Static all methods not using instance members".
32938 Fixed a bookmark issue on JSP files for the rule "Avoid using deprecated method, constructor, field, type or package".
32248 With this fix, JEE will always attempt to select the latest version, when multiple versions of the same JAR are referenced from a Maven repository.
Callee Type Caller Type Details
JEE objects SQL synonyms An invalid link type created was corrected.

Other Updates

Details
JEE Support for Java 14
JEE Support for Java 15
Fixed an exception that prevented saving of analysis results.
Fixed an invalid link type between JEE objects and SQL synonyms.
Corrected the procedure calculating the total value for the QR "Struts1: Avoid implementing Action Classes inheriting directly from Struts Action"
Fixed an issue with some Deprecated APIs from the Environment Profile for Java not being correctly marked. The issue occurred only where methods had the Deprecated annotation along with additional parameters like 'since' or 'forRemoval'. There may be additional violations seen for rules affected by the use of this annotation.

Rules

Rule Id New Rule Details
7254 FALSE Rule Description and References are updated to reflect that Spring Bean methods are excluded for the rule (7254): "Declare as Static all methods not using instance members".
7242 FALSE Total procedure corrected for the rule (7242): "Struts1: Avoid implementing Action Classes inheriting directly from Struts Action"
8220 FALSE Fixed two issues for the rule (8220): "Avoid using deprecated method, constructor, field, type or package". A bookmark issue was fixed where the rule incorrectly bookmarked an entire JSP file instead of the specific deprecated API usage within the file. The second fix was for methods marked with the Deprecated annotation and having parameters like 'since' or 'forRemoval' that were not processed correctly by the Analyzer. The number of violations for this rule may increase.

New Support

Summary Details
Add support for Java 14 & 15 This release of JEE now supports analysis of Java 14 and 15 sources. Standardized features such as switch-expression and text blocks are supported.

1.3.6-funcrel

Note

This release upgrades the Log4j inside JEE's Environment Profile to version 2.17.1

Resolved Issues

Customer Ticket Id Details
32611 Fixed a false positive for the rule "Avoid hard-coded network resource names (JEE)".
33758 Fixed false positives for the rule "Declare as Static all methods not using instance members".
33859 The total procedure for the rule "'super.finalize()' should be invoked when overriding finalize() method" has been upgraded and now has lower execution time.
32641 Removed false positives for the rule "Avoid testing floating point numbers for equality".
30819 Fixed the cause of the unexpected warning. No impact on the analysis results due to the warning.
33165 Fixed an unknown exception due to an issue with the stacking context.
21349 Fixed syntax errors seen in cases of annotations used within Fully Qualified Names and Method Headers.
32602 Fixed the initialization of plugins within the component.
33533 Fixed the cause of the unexpected warning. No impact on the analysis results due to the warning.
33242 Fixed total check 0 for the rule "Avoid non serializable Entity beans".

Other Updates

Details
The version of Log4j used in JEE's Environment Profile has been updated to 2.17.1
This fix enables the separation of the analysis task from the saving task.

Rules

Rule Id New Rule Details
8102 FALSE Fixed a false positive for the rule "Avoid hard-coded network resource names (JEE)"
4616 FALSE Improved the execution time of the total procedure for the Quality Rule "'super.finalize()' should be invoked when overriding finalize() method"
8096 FALSE Removed false positives for the rule "Avoid testing floating point numbers for equality"
7954 FALSE Quality rule "Avoid indirect String concatenation inside loops" is now a critical rule.
7254 FALSE Fixed false positives on Lombok UtilityClass annotated classes, and, methods with the Bean annotation for the rule "Declare as Static all methods not using instance members". The rule has now been moved to the JEE Analyzer. In some cases, previously missing violations may be added.
7710 FALSE Fixed the total procedure causing zero counts for the rule "Avoid non serializable Entity beans"

1.3.5-funcrel

Resolved Issues

Customer Ticket Id Details
31774 Fixed a crash seen during regex operation.
30891 Fixed some false positives for the QR "Provide a private default Constructor for utility Classes".
32113 Fixed syntax warnings observed for some java.net.* classes.

Other Updates

Details
Fixed an migration procedure returning null values in non-JEE analysis.
Address issues identified during the review of QRs 7710 and 7416.

Rules

Rule Id New Rule Details
7710 FALSE Corrected scope of QR "Avoid non serializable Entity beans" to all Persistent Entities(JPA & Hibernate).
7416 FALSE Rule "Struts1: Avoid Action Form Field without Validator" is moved to Scope & Property. Output of the rule is now fields in the case of Dynamic Form Beans and setters for Concrete Form Beans. Rule scope is also corrected - previous scope caused some repeated violations. False positives reported on non-Struts Forms were fixed.
7256 FALSE Fixed false positives due to lombok annotations for the QR "Provide a private default Constructor for utility Classes".

1.3.4-funcrel

Note

This release contains a fix that improves method and constructor resolution. The following changes may be observed due to this fix:

  • Increase in the total number of links and properties.
  • Better resolution of methods and constructors that were previously not being resolved.
  • Increased violations due to additionally resolved methods and constructors.

Resolved Issues

Customer Ticket Id Details
28490 Fixed missing links from service to DAO layers due to unresolved lombok getter/setter.
30120 Fixed issue with negative compliance in dashboard for QR "Never use an array to map Hibernate collection".
31296 A fix was made for an exception encountered while parsing a thrown exception.
30173 Fixed total check for the QR "Lazy fetching should be used for Hibernate collection".
30927 Fixed an exception that occurred due to incorrectly initialized Type Arguments.
25927 Fixed missing links between java methods called by abstraction.
27108 Fixed many false positives on private methods for the Quality Rules 4670, 4672 & 4674.

Other Updates

Details
A fix has been made in parametrization for JSP files.
Fixed an exception during snapshot for the QR "Struts1: Avoid Struts Fields in Action Classes that are not final static".

Rules

Rule Id New Rule Details
7502 FALSE Fixed negative compliance observed for QR "Never use an array to map Hibernate collection"
7488 FALSE Fixed total check for the QR "Lazy fetching should be used for Hibernate collection"
4616 FALSE Detail procedure has been corrected to include Java Generic Methods for the QR "'super.finalize()' should be invoked when overriding finalize() method"
7444 FALSE Fixed total procedure to ensure correct scope for the QR "Avoid Using Non-Serialized Beans with Session Scope"
7154 FALSE Fixed total value less than detail for the QR "Struts1: Avoid Struts Fields in Action Classes that are not final static"
4670 FALSE Removed false violations on private methods for QR 4670 "Public Methods must have JavaDoc comments"
4672 FALSE Removed false violations on private methods for QR 4672 "Public Methods must have appropriate JavaDoc @param tags"
4674 FALSE Removed false violations on private methods for QR 4674 "Public Methods must have appropriate JavaDoc @return tags"

1.3.3-funcrel

Resolved Issues

Customer Ticket Id Details
28504 Fixed a crash observed during resolution of a type parameter used in a Java Generic type.
28256 Fixed false positives for the QR: "Avoid directly instantiating a Class used as a managed bean".
28437 False positives from the usage of @Lob have been removed.
28567 The source code position for violations is now being set for JPA Entity properties.
28448 Fixed false positives for the QR: "Avoid directly instantiating a Class used as a managed bean".

Other Updates

Details
Confirmation of fix in 1.3.x for removal of GUID duplicate warnings for WSDL files.

Rules

Rule Id New Rule Details
7964 FALSE Removed false positives and updated rule samples

1.3.2-funcrel

Resolved Issues

Customer Ticket Id Details
27039 False positive for the rule (rule id: 7494), “Persistent class method's equals() and hashCode() must access its fields through getter methods” is fixed.

Rules

Rule Id New Rule Details
7494 FALSE Fixed false positives due to Lombok EqualsAndHashCode and Data
7506 FALSE Fixed false positives due to Lombok EqualsAndHashCode and Data
7434 FALSE False positives removed for the QR: "Ensure to override both equals() and hashCode()"
7238 FALSE Fixed false positives for the rule "Avoid calls between JSP Page for application using Struts framework"
7388 FALSE False violation removed for the QR: "Avoid artifacts having recursive call" violating XML file

1.3.1-funcrel

Note

JEE 1.3.1-funcrel has dependency on CAST AIP Internal Extension 0.9.0 LTS (the installation of internal platform 0.9.0 will be automatic).

Resolved Issues

Customer Ticket Id Details
22290 Fix for GUID changing between snapshots for AUs with mixed Java versions; GUID instability due to random jar usage and GUID instability with objects from Environment Profile vs classpath. Method GUID has been updated to use Short Names instead of Fully Qualified Names in parameters
Callee Type Caller Type Details
JPA Entity Java Method Missing 'Use Insert', 'Use Delete' and 'Use Select' links has been fixed. An increment in these types of links might be expected.

Other Updates

Details
GUID implementation now uses Short Names instead of Fully Qualified Names for Method Parameters

Rules

Rule Id New Rule Details
8102 FALSE Fixed false positives and improved bookmarks for the rule: Avoid hardcoded network resource names (JEE)
7202 FALSE False positives for Rule "Check usage of '==' and '!=' on objects" has been removed

1.3.0-funcrel

Note

The rule improvement made in this release of the extension, will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.

Rules

Rule Id New Rule Details
7722 FALSE Avoid using persistent class's identifier in equals() method. Incorrect bookmarks fixed and support for getters added.
8040 FALSE Struts 2: Avoid Action Fields without Validation. False violations removed.
4610 FALSE Avoid using anonymous Classes. The scope has been changed.

1.3.0-beta3

Note

The rule improvement made in this release of the extension, will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.

Resolved Issues

Customer Ticket Id Details
24663 Fix for invalid parsing errors due to presence of attributes without values in nodes in a JSP file. The change may result in more JSP objects along with links associated with them.
25724 Fix for an event invocation for extensions depending on JEE. The fix may result in more configuration file objects and links associated to them.

Rules

Rule Id New Rule Details
7134 FALSE [DEPRECATED] Avoid having Struts local forward with same name as Struts global forward
7488 FALSE Lazy fetching should be used for Hibernate collection. Additional information of fully qualified name of the field associated with the violating JPA entity property added.
4722 FALSE [DEPRECATED] Avoid having classes referencing Database objects
4606 FALSE Avoid using 'sun.*' Classes. Removed 'com.sun.*' from implementation as some packages like 'com.sun.jersey' are actively used. Changed the name, description, rationale and remediation
7710 FALSE Avoid non serializable Entity beans. Made Implementation Changes to remove false violations
4708 FALSE Avoid using Dynamic Instantiation. Made Implementation changes to remove false positives and wrong bookmark.

1.3.0-beta2

Note

This release of the extension contains a large number of rule related improvements, which will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. In addition, rules marked as [DEPRECATED] in the list below will not be triggered during any new analysis actioned with this release nor any future release of the extension - this may also impact the grades of your existing analysis results. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented. Lastly, this extension should not be used with AIP Core 8.3.24, 25, and 26 due to erroneous results - any previous or newer release of AIP Core should be used instead.

Rules

Rule Id New Rule Details
7292 FALSE Avoid cyclical calls and inheritances between packages. Sample, Remediation Sample and Reference Added. Decreased Weight and Threshold and made a non-critical rule.
8214 FALSE Avoid operating on resource after expiration or release. Scope and configuration changed.
4572 FALSE [DEPRECATED] Avoid declaring Final Instance Variables that are not initialized.
4568 FALSE [DEPRECATED] Avoid declaring Public Instance Variables.
4566 FALSE [DEPRECATED] Avoid declaring Instance Variables without defined access type.
7306 FALSE [DEPRECATED] Avoid declaring Inner Classes.
7308 FALSE [DEPRECATED] Avoid using Inner Classes.
4614 FALSE [DEPRECATED] Proper overriding of 'clone()'.
4560 FALSE Avoid large Interfaces - too many Methods (JEE). Improved Rationale.
4558 FALSE Avoid large Classes - too many Fields. Improved Rationale.
4556 FALSE Avoid large Classes - too many Constructors (JEE). Improved Rationale.
8218 FALSE [DEPRECATED] Content type should be checked when receiving a HTTP Post.
2258 FALSE [DEPRECATED] All image files should be in a specific directory.
4616 FALSE 'super.finalize()' should be invoked when overriding finalize() method'. Name, Description, Rationale, Sample and Remediation Sample Improved. Scope Changed
4656 FALSE Avoid declaring an exception in the method signature and not throwing it. Name, Description,Remediation and Reference Improved. Scope Changed.
4740 FALSE Field naming convention - case control. Rationale Improved.
4738 FALSE Constant naming convention - case control (JEE). Rationale improved. Configuration changed.
4736 FALSE Method naming convention - case control (JEE). Rationale improved.
4734 FALSE Class naming convention - case control (JEE). Rationale improved.
4732 FALSE Interface naming convention - case control. Rationale Improved.
4730 FALSE Package naming convention - case control. Rationale Improved.
4680 FALSE Public Fields must have JavaDoc Comments. Name, Description, Reference, Sample and Remediation Sample Improved. Scope changed.
7238 FALSE Avoid calls between JSP Page for application using Struts framework. Improved rule name.
8220 FALSE Avoid using deprecated method, constructor, field, type or package. Description, Reference, Sample and Remediation Sample Improved. Rule is updated to be a Non Critical Rule.
8136 FALSE CDI Beans with normal scope must be proxyable to avoid runtime errors. Name updated to be precise with the rule. Scope and configuration changed.
8100 FALSE Blocking synchronous calls should have associated timeouts. Description and Reference Improved. Added Sample, Remediation and Remediation Sample. Lowered the Threshold. Scope changed.
8016 FALSE Avoid unrestricted access to EJB remote methods. Name, Description, Rationale, Reference, Sample, Remediation and Remediation Sample changed. False violations have been removed.
8040 FALSE Struts 2: Avoid Action Fields without Validation. Name, Description and Reference changed. False violations have been removed.
7634 FALSE Avoid Hibernate Entity with 'select-before-update' set to true if not associated to table that fires an UPDATE trigger. Name, Description and Reference changed.
7202 FALSE Avoid using '==' and '!=' to compare objects. Name, Description, Rationale, Reference, Remediation and Remediation Sample Improved.Missing violation fixed.
7732 FALSE Avoid non validated inputs in JSP files that use JSF. Documentation Change. Name, Description, Rationale and Reference Improved. Missing violation fixed.
7910 FALSE Never exit a finally block with a return, break, continue, or throw statements. Name, Description,Sample and Remediation Sample Improved.
7940 FALSE Avoid accumulating Stateful Beans. Name, Description, Rationale, Sample, Remediation and Remediation Sample Improved. Fixed false violations.
7962 FALSE Avoid direct or indirect remote calls inside a loop. Description, Rationale, Reference, Sample and Remediation Sample Improved.
7362 FALSE [DEPRECATED] Avoid Struts action mappings validator turned off.
7382 FALSE Struts1: Avoid Struts Validator field without Form Field. Name, Description and Rationale Improved.
7372 FALSE Struts 1: Enable Struts Validator plugin. Name and Description changed. Added Sample.
7380 FALSE Struts 1: Avoid unused validation form. Name, Description and Rationale changed. Increased the Threshold.
7488 FALSE Lazy fetching should be used for Hibernate collection. Name, Description, Rationale, Reference, Remediation, Sample and Remediation Sample changed. Missing violation fixed.
7192 FALSE Avoid using Struts Form that cannot extend Validator Class. Name, Description, Reference, Sample and Remediation Sample changed. Threshold Increased.
7254 FALSE Declare as Static all methods not using instance members. Name and Description changed. Added Reference.
7416 FALSE Struts1: Avoid Action Form Field without Validator. Name, Description and Reference changed.
7154 FALSE Struts1: Avoid Struts Fields in Action Classes that are not final static. Name, Description, Rationale and Reference changed. Scope changed. Incorrect Bookmark fixed.
7494 FALSE Persistent class method's equals() and hashCode() must access its fields through getter methods. Name and Description changed. Missing violation fixed.
7140 FALSE Struts Action artifacts should not directly call a JSP page. Name, Description and Rationale changed. Changed it to Non Critical Rule since it is just a programming practice. Missing violations have been fixed.
7434 FALSE Ensure to override both equals() and hashCode(). Name, Description, Reference and Remediation changed.
7440 FALSE Avoid having suspicious similar method names or signatures in an inheritance tree. Name, Description and Remediation changed. Scope changed.
7438 FALSE Avoid non thread safe singleton. Description, Rationale, Reference, Remediation, Sample and Remediation Sample changed. False Violations removed.
7502 FALSE Never use an array to map Hibernate collection. Name, Description and Rationale changed. Missing Violations fixed.
7132 FALSE [DEPRECATED] Struts action Mappings should have few forwards.
7136 FALSE [DEPRECATED] Each method in an Action Class should have a small complexity.
7510 FALSE [DEPRECATED] Use only Hibernate API to access to the database.
7676 FALSE [DEPRECATED] Avoid too many packages referencing Mainframe.
7138 FALSE [DEPRECATED] Action Classes should only be called by Action Mappings tag (for Struts 1.x) or Action tag (for Struts 2.x).
4696 FALSE [DEPRECATED] Avoid using 'System.err' and 'System.out' within a try catch block.
2284 FALSE [DEPRECATED] Avoid large JSP Pages - too many Scriptlets.
2236 FALSE [DEPRECATED] Avoid use of standard SQL API.
2282 FALSE [DEPRECATED] Avoid large Include Files.
4698 FALSE [DEPRECATED] Avoid using 'System.err' and 'System.out' outside a try catch block.
4574 FALSE [DEPRECATED] Avoid using deprecated objects.
2278 FALSE [DEPRECATED] Check the use of "foreach" custom tag library.
2244 FALSE [DEPRECATED] Avoid undocumented Web Server Pages.
2242 FALSE [DEPRECATED] Avoid direct definition of JavaScript Functions in a Web page (JEE).
2248 FALSE [DEPRECATED] Avoid Web Server pages having a very low Comment/Code ratio.
2280 FALSE [DEPRECATED] Avoid using Document.all collection.
2264 FALSE [DEPRECATED] All page files should be in a specific directory.
8104 FALSE Avoid missing release of SQL connection after an effective lifetime (JEE). Name, Description, Rationale and Reference changed. Threshold has been increased.
7144 FALSE [DEPRECATED] Avoid using database objects from Struts Action Artifacts.
7936 FALSE [DEPRECATED] Avoid using finalize().
7508 FALSE Getter of collection-typed persistent attributes should return the correct interface type. Name, Description and Reference changed.
7150 FALSE [DEPRECATED] Avoid string interpolations to prevent SQL injections by using PreparedStatement or CallableStatement.
7146 FALSE Always have JSP pages referencing Java Objects associated to JEE Scoped Bean. Name, Description and Reference changed Sample and Remediation Sample has been added.
4674 FALSE Public Methods must have appropriate JavaDoc @return tags. Name Changed. Reference, Sample, Remediation and Remediation Sample has been added.
4618 FALSE Avoid instantiating a Boolean object. Name, Description and Rationale changed Reference, Sample and Remediation Sample has been added
4716 FALSE Avoid Classes implementing too many Interfaces (JEE). Description changed Rationale, Sample and Remediation Sample has been added
7134 FALSE Struts1: Avoid having Struts local forward with same name as Struts global forward. Name, Description and Output changed Rationale, Sample, Remediation and Remediation Sample has been added.
4704 FALSE Avoid using Vector. Description, Rationale and Remediation changed Reference, Sample and Remediation Sample has been added
4670 FALSE Public Methods must have JavaDoc comments. Name, Description and Output changed Reference, Sample, Remediation and Remediation Sample has been added. Scope changed.
7640 FALSE Avoid using catch blocks with assertion. Name, Description and Rationale changed Reference has been added.
7648 FALSE Avoid an explicit call to finalize(). Name, Description and Rationale, Reference and Remediation changed. Scope changed. Weight Increased.
7702 FALSE Hibernate-provided implementations from third parties should be used for connection pool. Name, Description, Rationale, Reference and Remediation changed
7700 FALSE Struts1: Only Struts HTTP Servlet should be used for Struts based application. Name, Description and Remediation changed. Remediation Sample added.
7712 FALSE Avoid public/protected setter for the generated identifier field. Description and Remediation changed.
7720 FALSE [DEPRECATED] Avoid too many EJB beans.
7726 FALSE Avoid Struts Action Classes that call packages having direct access to database. Name, Description, Rationale and Output changed. Sample and Remediation Sample added. Scope changed.
7942 FALSE Avoid EJBs using 'synchronized' qualifier, 'wait', 'notify' and 'notifyAll' Methods. Description and Rationale changed. Reference, Sample and Remediation Sample added.
7964 FALSE Avoid directly instantiating a Class used as a managed bean. Description changed. Removed false violations and fixed missing violations.
7954 FALSE Avoid indirect String concatenation inside loops. Description, Rationale, Reference, Sample and Remediation Sample changed
7506 FALSE equals() and hashCode() should be defined for Hibernate/JPA component. Name,Description and Rationale changed. Missing violation fixed.
7190 FALSE Struts1: Validate() Method of Struts Validator form must call super.validate(). Name, Description, Rationale, Reference and Sample changed Threshold value Increased. Changed to a Critical Rule since it impacts Security.
7152 FALSE Avoid Fields in Servlet Classes that are not final static. Description, Rationale and Reference changed Sample and Remediation Sample added.
7252 FALSE Call 'super.finalize ()' in the "finally" block of 'finalize ()' methods.Description, Rationale and Reference improved.
4706 FALSE Avoid using Hashtable. Description, Rationale and Remediation changed Reference, Sample and Remediation Sample added
2266 FALSE [DEPRECATED] Avoid non standard file extensions (JEE)
7220 FALSE [DEPRECATED] Avoid Unused Imports
7188 FALSE [DEPRECATED] Private fields must have JavaDoc Comments
2254 FALSE [DEPRECATED] Avoid large Page files (JEE)
7142 FALSE [DEPRECATED] Action Classes should have only one public method
2260 FALSE [DEPRECATED] All script files should be in a specific directory
4668 FALSE [DEPRECATED] Classes and Interfaces must have JavaDoc @author tag
4678 FALSE [DEPRECATED] Public Methods must have appropriate JavaDoc @exception tags
4676 FALSE Public Methods must have appropriate JavaDoc @throws/@exception tags. Name, Description, Rationale and output changed Reference, Sample, Remediation and Remediation Sample added. Missing violation fixed
4694 FALSE Avoid using 'System.gc' and 'Runtime.gc'. Name, Description, Rationale Improved. Reference, Sample, Remediation and Remediation Sample added. Threshold Value Increased and changed it to a critical rule. Missing violation fixed
4672 FALSE Public Methods must have appropriate JavaDoc @param tags. Name, Description, Rationale changed Reference, Sample and Remediation Sample added
4718 FALSE Avoid having package without enough Classes/Interfaces. Remediation added
1022000 FALSE [DEPRECATED] Avoid weak encryption algorithm as DES and triple DES
4666 FALSE Classes and Interfaces must have JavaDoc Comments. Description Changed. Reference, Sample, Remediation, Remediation Sample added.
7708 FALSE Avoid using session.setFlushMode(FlushMode.COMMIT, FlushMode.NEVER or FlushMode.MANUAL). Rationale and Reference improved. Sample and Remediation Sample added.
7240 FALSE [DEPRECATED] Struts Action Classes should only call Business Classes
4596 FALSE Avoid using 'java.lang.System.getenv()'. Description Changed. Sample and Reference added.
7682 FALSE Avoid having Hibernate domain model depending on other Java APIs. Name and Description Changed. Remediation Sample added.
7734 FALSE Avoid using debug() method without calling isDebugEnabled() method. Name,Description, Reference Sample, Remediation Sample and Scope Changed.
7722 FALSE Avoid using persistent class's identifier in equals() method. Name,Description, Rationale,Reference, Remediation, Output and Scope Changed. Missing violation fixed.
7638 FALSE Avoid directly managing the connection to the database by using DriverManager. Name,Description, Rationale,Reference, Sample, Remediation Sample and Remediation, Output and Scope changed. Threshold Increased. Changed it to a critical rule.
7728 FALSE Avoid thread creation for application running on application server. Description, Reference, Grade Impact Changed. Threshold Increased. Changed it to a critical rule.
7956 FALSE [DEPRECATED] Avoid indirect exception handling inside loops
7206 FALSE Avoid the use of Instanceof inside loops. Name,Description, Rationale,Reference,Remediation Sample and Remediation Changed. Scope Changed
7562 FALSE Avoid static Field of type collection. Description, Rationale,Reference,Sample and Remediation Sample Changed. Removed False Violation.
7256 FALSE Provide a private default Constructor for utility Classes. Name, Description, and Reference Changed.
7496 FALSE Use table-per-subclass strategy when subclasses have many properties. Description, Rationale, Reference, Sample and Remediation Sample Changed. Missing violation fixed.
4570 FALSE Avoid declaring Non Final Class Variables with Public, Protected or Package access type. Name, Description, and Rationale Changed. Reference, Sample and Remediation Sample added. Missing violation fixed.
7730 FALSE Always use declarative transaction. Name, Description, Sample and Remediation Sample Changed.
7196 FALSE Avoid large number of String concatenation (JEE). Description, Rationale, Reference and Sample Changed.
2238 FALSE Avoid unreferenced JSP pages. Name, Description, Remediation, Output and Scope Changed.
7148 FALSE [DEPRECATED] JSP pages should always be accessed through their tiles definition
4744 FALSE [DEPRECATED] EJB Entity access through their local Interface
2262 FALSE [DEPRECATED] All cascading style sheet files should be in specific directory
8096 FALSE Avoid testing floating point numbers for equality. Description, Sample,Remediation Sample, Reference and Thresholds Changed. Changed to a Critical Rule. Missing violation fixed.
8038 FALSE Struts 2: Avoid Struts Validator field without Form Field. Name, Description, Rationale and Scope Changed
7710 FALSE Avoid non serializable Entity beans. Name, Description, Rationale, Sample, Remediation Sample and Reference Changed.
7704 FALSE All static fields in the enterprise bean class should be declared as final. Name, Description, Rationale, Sample, Remediation Sample and Reference Changed. Incorrect bookmark fixed.
7678 FALSE Avoid logging using basic java log files.Name, Description, Rationale, Remediation and Reference Changed. Missing violation fixed.
7490 FALSE Avoid UPDATE trigger firing when not necessary. Description Improved.
4700 FALSE [DEPRECATED] Avoid using 'Throwable.printStackTrace()' within a try catch block
7444 FALSE Avoid Using Non-Serialized Beans with Session Scope. Name, Description, Rationale, Sample, Remediation Sample, Scope and Reference Changed.
7500 FALSE Use table-per-class-hierarchy when subclasses have few properties. Description, Sample, Remediation Sample and Reference Changed. Missing violation fixed.
7248 FALSE Avoid Packages with High Afferent Coupling (CA). Output and Scope Changed. Remediation and Reference Added.
4702 FALSE Avoid using 'Throwable.printStackTrace()' with no argument. Description, Rationale and Reference Changed. Remediation Sample Added.
4612 FALSE Avoid using native Methods (JNI). Description, Rationale, Reference, Scope and Configuration Changed. Sample and Remediation added.
4600 FALSE Avoid using Exit and Halt Methods on a Web/Application Server. Name, Description, Rationale, Output and Configuration Changed. Sample, Remediation and Remediation Sample added. Changed it to a Critical Rule. Missing violation fixed
4746 FALSE [DEPRECATED] EJB Session access through their local Interface
4576 FALSE [DEPRECATED] Provide accessors to Private Fields
4598 FALSE Avoid using 'java.lang.Runtime.exec()'. Description, Rationale, Reference, Sample and Remediation added.Increased Threshold. Changed it to a Critical Rule.
4604 FALSE Avoid using 'java.lang.Error'. Reference and Sample changed. Remediation, Remediation Sample added. Scope Changed.
4708 FALSE Avoid using Dynamic Instantiation. Reference, Sample and Remediation Sample Added.
4606 FALSE Avoid using 'sun.*' and 'com.sun.*' Classes. Name, Description, Reference and Output Changed. Remediation and Sample Added.
7650 FALSE All types of a serializable Class must be serializable. Description, Rationale and Reference Changed. Scope Changed.
7654 FALSE Avoid database tables associated to more than one Hibernate Entity. Description, Sample and Output Changed. Reference And Remediation Sample Added. Missing violation fixed.
7716 FALSE Avoid defining singleton or factory classes when using Spring. Name, Description, Rationale, Reference, Sample, Remediation, Remediation Sample and Configuration Changed.
7668 FALSE [DEPRECATED] Avoid using DOM parser for large or medium sized XML file parsing
4578 FALSE Collection interfaces should be used as method return types instead of their implementation classes. Name and Configuation Changed. Reference, Sample and Remediation Sample Added.
4580 FALSE Collection declarations should use interfaces instead of implementation classes. Name and Configuration Changed. Reference, Sample and Remediation Sample Added.
7498 FALSE Avoid Incorrect implementation of getters and setters for Collection Type. Configuration Changed. Sample and Remediation Sample Added.
7200 FALSE Avoid String concatenation in loops. False violation fixed.
7492 FALSE Avoid Hibernate and JPA Entities using many-to-many association. Description Changed
7636 FALSE Prefer using version number instead of timestamp for Hibernate Entity. Sample and Remediation Sample Added. Made a non Critical rule. Scope of the rule extended to check annotation based Hibernate Entities.
4602 FALSE Avoid using Fields (non static final) from other Classes. Sample and Remediation Sample Added. Weight Reduced. False violation in case where an inner class access a field from the base class of an outer class is fixed.
8042 FALSE Struts 2: Avoid unused validation form. Name, Description, Remediation and Remediation Sample Improved. Scope Definition aligned with the rule. Added the Missing RelyOn Link to fix a False Violation.
7724 FALSE Overriden equals() Methods in persistent Subclasses should only reference properties from the persistent base Class. Name and Description Improved. Missing Violations are fixed with correct bookmarks.
7250 FALSE Avoid String initialization with String object (created using the 'new' keyword). Name Improved, Reference added.

Performance Improvements

Summary
Performance issues related to Quality Rule "Avoid unused import in jsp file" are fixed.

1.3.0-beta1

Note

This extension has been withdrawn.

Rules

Rule Id New Rule Details
4558 FALSE Avoid large Classes - too many Fields. Improved Rationale.
4556 FALSE Avoid large Classes - too many Constructors (JEE). Improved Rationale.
8218 FALSE [DEPRECATED] Content type should be checked when receiving a HTTP Post.
2258 FALSE [DEPRECATED] All image files should be in a specific directory.
4656 FALSE Avoid declaring an exception in the method signature and not throwing it. Name, Description,Remediation and Reference Improved. Scope Changed.
4740 FALSE Field naming convention - case control. Rationale Improved.
4738 FALSE Constant naming convention - case control (JEE). Rationale improved. Configuration changed.
4736 FALSE Method naming convention - case control (JEE). Rationale improved.
4732 FALSE Interface naming convention - case control. Rationale Improved.
4730 FALSE Package naming convention - case control. Rationale Improved.
4680 FALSE Public Fields must have JavaDoc Comments. Name, Description, Reference, Sample and Remediation Sample Improved. Scope changed.
7238 FALSE Avoid calls between JSP Page for application using Struts framework. Improved rule name.
8220 FALSE Avoid using deprecated method, constructor, field, type or package. Description, Reference, Sample and Remediation Sample Improved. Rule is updated to be a Non Critical Rule.
8136 FALSE CDI Beans with normal scope must be proxyable to avoid runtime errors. Name updated to be precise with the rule. Scope and configuration changed.
8100 FALSE Blocking synchronous calls should have associated timeouts. Description and Reference Improved. Added Sample, Remediation and Remediation Sample. Lowered the Threshold. Scope changed.
8016 FALSE Avoid unrestricted access to EJB remote methods. Name, Description, Rationale, Reference, Sample, Remediation and Remediation Sample changed. False violations have been removed.
8040 FALSE Struts 2: Avoid Action Fields without Validation. Name, Description and Reference changed. False violations have been removed.
7634 FALSE Avoid Hibernate Entity with 'select-before-update' set to true if not associated to table that fires an UPDATE trigger. Name, Description and Reference changed.
7202 FALSE Avoid using '==' and '!=' to compare objects. Name, Description, Rationale, Reference, Remediation and Remediation Sample Improved.Missing violation fixed.
7732 FALSE Avoid non validated inputs in JSP files that use JSF. Documentation Change. Name, Description, Rationale and Reference Improved. Missing violation fixed.
7910 FALSE Never exit a finally block with a return, break, continue, or throw statements. Name, Description,Sample and Remediation Sample Improved.
7940 FALSE Avoid accumulating Stateful Beans. Name, Description, Rationale, Sample, Remediation and Remediation Sample Improved. Fixed false violations.
7962 FALSE Avoid direct or indirect remote calls inside a loop. Description, Rationale, Reference, Sample and Remediation Sample Improved.
7362 FALSE [DEPRECATED] Avoid Struts action mappings validator turned off.
7382 FALSE Struts1: Avoid Struts Validator field without Form Field. Name, Description and Rationale Improved.
7372 FALSE Struts 1: Enable Struts Validator plugin. Name and Description changed. Added Sample.
7380 FALSE Struts 1: Avoid unused validation form. Name, Description and Rationale changed. Increased the Threshold.
7488 FALSE Lazy fetching should be used for Hibernate collection. Name, Description, Rationale, Reference, Remediation, Sample and Remediation Sample changed. Missing violation fixed.
7192 FALSE Avoid using Struts Form that cannot extend Validator Class. Name, Description, Reference, Sample and Remediation Sample changed. Threshold Increased.
7254 FALSE Declare as Static all methods not using instance members. Name and Description changed. Added Reference.
7416 FALSE Struts1: Avoid Action Form Field without Validator. Name, Description and Reference changed.
7154 FALSE Struts1: Avoid Struts Fields in Action Classes that are not final static. Name, Description, Rationale and Reference changed. Scope changed. Incorrect Bookmark fixed.
7494 FALSE Persistent class method's equals() and hashCode() must access its fields through getter methods. Name and Description changed. Missing violation fixed.
7140 FALSE Struts Action artifacts should not directly call a JSP page. Name, Description and Rationale changed. Changed it to Non Critical Rule since it is just a programming practice. Missing violations have been fixed.
7434 FALSE Ensure to override both equals() and hashCode(). Name, Description, Reference and Remediation changed.
7440 FALSE Avoid having suspicious similar method names or signatures in an inheritance tree. Name, Description and Remediation changed. Scope changed.
7438 FALSE Avoid non thread safe singleton. Description, Rationale, Reference, Remediation, Sample and Remediation Sample changed. False Violations removed.
7502 FALSE Never use an array to map Hibernate collection. Name, Description and Rationale changed. Missing Violations fixed.
7132 FALSE [DEPRECATED] Struts action Mappings should have few forwards.
7136 FALSE [DEPRECATED] Each method in an Action Class should have a small complexity.
7510 FALSE [DEPRECATED] Use only Hibernate API to access to the database.
7676 FALSE [DEPRECATED] Avoid too many packages referencing Mainframe.
7138 FALSE [DEPRECATED] Action Classes should only be called by Action Mappings tag (for Struts 1.x) or Action tag (for Struts 2.x).
4696 FALSE [DEPRECATED] Avoid using 'System.err' and 'System.out' within a try catch block.
2284 FALSE [DEPRECATED] Avoid large JSP Pages - too many Scriptlets.
2236 FALSE [DEPRECATED] Avoid use of standard SQL API.
2282 FALSE [DEPRECATED] Avoid large Include Files.
4698 FALSE [DEPRECATED] Avoid using 'System.err' and 'System.out' outside a try catch block.
4574 FALSE [DEPRECATED] Avoid using deprecated objects.
2278 FALSE [DEPRECATED] Check the use of "foreach" custom tag library.
2244 FALSE [DEPRECATED] Avoid undocumented Web Server Pages.
2242 FALSE [DEPRECATED] Avoid direct definition of JavaScript Functions in a Web page (JEE).
2248 FALSE [DEPRECATED] Avoid Web Server pages having a very low Comment/Code ratio.
2280 FALSE [DEPRECATED] Avoid using Document.all collection.
2264 FALSE [DEPRECATED] All page files should be in a specific directory.
8104 FALSE Avoid missing release of SQL connection after an effective lifetime (JEE). Name, Description, Rationale and Reference changed. Threshold has been increased.
7144 FALSE [DEPRECATED] Avoid using database objects from Struts Action Artifacts.
7936 FALSE [DEPRECATED] Avoid using finalize().
7508 FALSE Getter of collection-typed persistent attributes should return the correct interface type. Name, Description and Reference changed.
7150 FALSE [DEPRECATED] Avoid string interpolations to prevent SQL injections by using PreparedStatement or CallableStatement.
7146 FALSE Always have JSP pages referencing Java Objects associated to JEE Scoped Bean. Name, Description and Reference changed Sample and Remediation Sample has been added.
4674 FALSE Public Methods must have appropriate JavaDoc @return tags. Name Changed. Reference, Sample, Remediation and Remediation Sample has been added.
4618 FALSE Avoid instantiating a Boolean object. Name, Description and Rationale changed Reference, Sample and Remediation Sample has been added
4716 FALSE Avoid Classes implementing too many Interfaces (JEE). Description changed Rationale, Sample and Remediation Sample has been added
7134 FALSE Struts1: Avoid having Struts local forward with same name as Struts global forward. Name, Description and Output changed Rationale, Sample, Remediation and Remediation Sample has been added.
4704 FALSE Avoid using Vector. Description, Rationale and Remediation changed Reference, Sample and Remediation Sample has been added
4670 FALSE Public Methods must have JavaDoc comments. Name, Description and Output changed Reference, Sample, Remediation and Remediation Sample has been added. Scope changed.
7640 FALSE Avoid using catch blocks with assertion. Name, Description and Rationale changed Reference has been added.
7648 FALSE Avoid an explicit call to finalize(). Name, Description and Rationale, Reference and Remediation changed. Scope changed. Weight Increased.
7702 FALSE Hibernate-provided implementations from third parties should be used for connection pool. Name, Description, Rationale, Reference and Remediation changed
7700 FALSE Struts1: Only Struts HTTP Servlet should be used for Struts based application. Name, Description and Remediation changed. Remediation Sample added.
7712 FALSE Avoid public/protected setter for the generated identifier field. Description and Remediation changed.
7720 FALSE [DEPRECATED] Avoid too many EJB beans.
7726 FALSE Avoid Struts Action Classes that call packages having direct access to database. Name, Description, Rationale and Output changed. Sample and Remediation Sample added. Scope changed.
7942 FALSE Avoid EJBs using 'synchronized' qualifier, 'wait', 'notify' and 'notifyAll' Methods. Description and Rationale changed. Reference, Sample and Remediation Sample added.
7964 FALSE Avoid directly instantiating a Class used as a managed bean. Description changed. Removed false violations and fixed missing violations.
7954 FALSE Avoid indirect String concatenation inside loops. Description, Rationale, Reference, Sample and Remediation Sample changed
7506 FALSE equals() and hashCode() should be defined for Hibernate/JPA component. Name,Description and Rationale changed. Missing violation fixed.
7190 FALSE Struts1: Validate() Method of Struts Validator form must call super.validate(). Name, Description, Rationale, Reference and Sample changed Threshold value Increased. Changed to a Critical Rule since it impacts Security.
7152 FALSE Avoid Fields in Servlet Classes that are not final static. Description, Rationale and Reference changed Sample and Remediation Sample added.
7252 FALSE Call 'super.finalize ()' in the "finally" block of 'finalize ()' methods.Description, Rationale and Reference improved.
4706 FALSE Avoid using Hashtable. Description, Rationale and Remediation changed Reference, Sample and Remediation Sample added
2266 FALSE [DEPRECATED] Avoid non standard file extensions (JEE)
7220 FALSE [DEPRECATED] Avoid Unused Imports
7188 FALSE [DEPRECATED] Private fields must have JavaDoc Comments
2254 FALSE [DEPRECATED] Avoid large Page files (JEE)
7142 FALSE [DEPRECATED] Action Classes should have only one public method
2260 FALSE [DEPRECATED] All script files should be in a specific directory
4668 FALSE [DEPRECATED] Classes and Interfaces must have JavaDoc @author tag
4678 FALSE [DEPRECATED] Public Methods must have appropriate JavaDoc @exception tags
4676 FALSE Public Methods must have appropriate JavaDoc @throws/@exception tags. Name, Description, Rationale and output changed Reference, Sample, Remediation and Remediation Sample added. Missing violation fixed
4694 FALSE Avoid using 'System.gc' and 'Runtime.gc'. Name, Description, Rationale Improved. Reference, Sample, Remediation and Remediation Sample added. Threshold Value Increased and changed it to a critical rule. Missing violation fixed
4672 FALSE Public Methods must have appropriate JavaDoc @param tags. Name, Description, Rationale changed Reference, Sample and Remediation Sample added
4718 FALSE Avoid having package without enough Classes/Interfaces. Remediation added
1022000 FALSE [DEPRECATED] Avoid weak encryption algorithm as DES and triple DES
4666 FALSE Classes and Interfaces must have JavaDoc Comments. Description Changed. Reference, Sample, Remediation, Remediation Sample added.
7708 FALSE Avoid using session.setFlushMode(FlushMode.COMMIT, FlushMode.NEVER or FlushMode.MANUAL). Rationale and Reference improved. Sample and Remediation Sample added.
7240 FALSE [DEPRECATED] Struts Action Classes should only call Business Classes
4596 FALSE Avoid using 'java.lang.System.getenv()'. Description Changed. Sample and Reference added.
7682 FALSE Avoid having Hibernate domain model depending on other Java APIs. Name and Description Changed. Remediation Sample added.
7734 FALSE Avoid using debug() method without calling isDebugEnabled() method. Name,Description, Reference Sample, Remediation Sample and Scope Changed.
7722 FALSE Avoid using persistent class's identifier in equals() method. Name,Description, Rationale,Reference, Remediation, Output and Scope Changed. Missing violation fixed.
7638 FALSE Avoid directly managing the connection to the database by using DriverManager. Name,Description, Rationale,Reference, Sample, Remediation Sample and Remediation, Output and Scope changed. Threshold Increased. Changed it to a critical rule.
7728 FALSE Avoid thread creation for application running on application server. Description, Reference, Grade Impact Changed. Threshold Increased. Changed it to a critical rule.
7956 FALSE [DEPRECATED] Avoid indirect exception handling inside loops
7206 FALSE Avoid the use of Instanceof inside loops. Name,Description, Rationale,Reference,Remediation Sample and Remediation Changed. Scope Changed
7562 FALSE Avoid static Field of type collection. Description, Rationale,Reference,Sample and Remediation Sample Changed. Removed False Violation.
7256 FALSE Provide a private default Constructor for utility Classes. Name, Description, and Reference Changed.
7496 FALSE Use table-per-subclass strategy when subclasses have many properties. Description, Rationale, Reference, Sample and Remediation Sample Changed. Missing violation fixed.
4570 FALSE Avoid declaring Non Final Class Variables with Public, Protected or Package access type. Name, Description, and Rationale Changed. Reference, Sample and Remediation Sample added. Missing violation fixed.
7730 FALSE Always use declarative transaction. Name, Description, Sample and Remediation Sample Changed.
7196 FALSE Avoid large number of String concatenation (JEE). Description, Rationale, Reference and Sample Changed.
2238 FALSE Avoid unreferenced JSP pages. Name, Description, Remediation, Output and Scope Changed.
7148 FALSE [DEPRECATED] JSP pages should always be accessed through their tiles definition
4744 FALSE [DEPRECATED] EJB Entity access through their local Interface
2262 FALSE [DEPRECATED] All cascading style sheet files should be in specific directory
8096 FALSE Avoid testing floating point numbers for equality. Description, Sample,Remediation Sample, Reference and Thresholds Changed. Changed to a Critical Rule. Missing violation fixed.
8038 FALSE Struts 2: Avoid Struts Validator field without Form Field. Name, Description, Rationale and Scope Changed
7710 FALSE Avoid non serializable Entity beans. Name, Description, Rationale, Sample, Remediation Sample and Reference Changed.
7704 FALSE All static fields in the enterprise bean class should be declared as final. Name, Description, Rationale, Sample, Remediation Sample and Reference Changed. Incorrect bookmark fixed.
7678 FALSE Avoid logging using basic java log files.Name, Description, Rationale, Remediation and Reference Changed. Missing violation fixed.
7490 FALSE Avoid UPDATE trigger firing when not necessary. Description Improved.
4700 FALSE [DEPRECATED] Avoid using 'Throwable.printStackTrace()' within a try catch block
7444 FALSE Avoid Using Non-Serialized Beans with Session Scope. Name, Description, Rationale, Sample, Remediation Sample, Scope and Reference Changed.
7500 FALSE Use table-per-class-hierarchy when subclasses have few properties. Description, Sample, Remediation Sample and Reference Changed. Missing violation fixed.
7248 FALSE Avoid Packages with High Afferent Coupling (CA). Output and Scope Changed. Remediation and Reference Added.
4702 FALSE Avoid using 'Throwable.printStackTrace()' with no argument. Description, Rationale and Reference Changed. Remediation Sample Added.
4612 FALSE Avoid using native Methods (JNI). Description, Rationale, Reference, Scope and Configuration Changed. Sample and Remediation added.
4600 FALSE Avoid using Exit and Halt Methods on a Web/Application Server. Name, Description, Rationale, Output and Configuration Changed. Sample, Remediation and Remediation Sample added. Changed it to a Critical Rule. Missing violation fixed
4746 FALSE [DEPRECATED] EJB Session access through their local Interface
4576 FALSE [DEPRECATED] Provide accessors to Private Fields
4598 FALSE Avoid using 'java.lang.Runtime.exec()'. Description, Rationale, Reference, Sample and Remediation added.Increased Threshold. Changed it to a Critical Rule.
4604 FALSE Avoid using 'java.lang.Error'. Reference and Sample changed. Remediation, Remediation Sample added. Scope Changed.
4708 FALSE Avoid using Dynamic Instantiation. Reference, Sample and Remediation Sample Added.
4606 FALSE Avoid using 'sun.*' and 'com.sun.*' Classes. Name, Description, Reference and Output Changed. Remediation and Sample Added.
7650 FALSE All types of a serializable Class must be serializable. Description, Rationale and Reference Changed. Scope Changed.
7654 FALSE Avoid database tables associated to more than one Hibernate Entity. Description, Sample and Output Changed. Reference And Remediation Sample Added. Missing violation fixed.
7716 FALSE Avoid defining singleton or factory classes when using Spring. Name, Description, Rationale, Reference, Sample, Remediation, Remediation Sample and Configuration Changed.
7668 FALSE [DEPRECATED] Avoid using DOM parser for large or medium sized XML file parsing
4578 FALSE Collection interfaces should be used as method return types instead of their implementation classes. Name and Configuation Changed. Reference, Sample and Remediation Sample Added.
4580 FALSE Collection declarations should use interfaces instead of implementation classes. Name and Configuration Changed. Reference, Sample and Remediation Sample Added.
7498 FALSE Avoid Incorrect implementation of getters and setters for Collection Type. Configuration Changed. Sample and Remediation Sample Added.
7200 FALSE Avoid String concatenation in loops. False violation fixed.
7492 FALSE Avoid Hibernate and JPA Entities using many-to-many association. Description Changed
4614 FALSE [DEPRECATED] Proper overriding of 'clone'()

Performance Improvements

Summary
Performance issues related to Quality Rule "Avoid unused import in jsp file" are fixed.