Download Latest Version
PMD 7.0.0-rc3 (30-May-2023).zip (18.8 MB)
Get an email when there's a new version of pmd
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| pmd-src-6.4.0.zip | 2018-05-29 | 11.6 MB | |
| pmd-bin-6.4.0.zip | 2018-05-29 | 43.1 MB | |
| pmd-doc-6.4.0.zip | 2018-05-29 | 3.7 MB | |
| PMD 6.4.0 (29-May-2018).tar.gz | 2018-05-29 | 9.8 MB | |
| PMD 6.4.0 (29-May-2018).zip | 2018-05-29 | 11.6 MB | |
| README.md | 2018-05-29 | 9.2 kB | |
| Totals: 6 Items | 79.7 MB | 0 | |
29-May-2018 - 6.4.0
The PMD team is pleased to announce PMD 6.4.0.
This is a minor release.
Table Of Contents
New and noteworthy
Java 10 Support
PMD is now able to understand local-variable type inference as introduced by Java 10.
Simple type resolution features are available, e.g. the type of the variable s is inferred
correctly as String:
var s = "Java 10";
XPath Type Resolution Functions
For some time now PMD has supported Type Resolution, and exposed this functionality to XPath rules for the Java language
with the typeof function. This function however had a number of shortcomings:
- It would take a first arg with the name to match if types couldn't be resolved. In all cases this was
@Imagebut was still required. - It required 2 separate arguments for the Fully Qualified Class Name and the simple name of the class against which to test.
- If only the Fully Qualified Class Name was provided, no simple name check was performed (not documented, but abused on some rules to "fix" some false positives).
In this release we are deprecating typeof in favor of a simpler typeIs function, which behaves exactly as the
old typeof when given all 3 arguments.
typeIs receives a single parameter, which is the fully qualified name of the class to test against.
So, calls such as:
:::ruby
//ClassOrInterfaceType[typeof(@Image, 'junit.framework.TestCase', 'TestCase')]
can now we expressed much more concisely as:
:::ruby
//ClassOrInterfaceType[typeIs('junit.framework.TestCase')]
With this change, we also allow to check against array types by just appending [] to the fully qualified class name.
These can be repeated for arrays of arrays (e.g. byte[][] or java.lang.String[]).
Additionally, we introduce the companion function typeIsExactly, that receives the same parameters as typeIs,
but checks for exact type matches, without considering the type hierarchy. That is, the test
typeIsExactly('junit.framework.TestCase') will match only if the context node is an instance of TestCase, but
not if it's an instance of a subclass of TestCase. Be aware then, that using that method with abstract types will
never match.
New Rules
-
The new Java rule
HardCodedCryptoKey(java-security) detects hard coded keys used for encryption. It is recommended to store keys outside of the source code. -
The new Java rule
IdenticalCatchBranches(java-codestyle) finds catch blocks, that catch different exception but perform the same exception handling and thus can be collapsed into a multi-catch try statement.
Modified Rules
-
The Java rule JUnit4TestShouldUseTestAnnotation (
java-bestpractices) has a new parameter "testClassPattern". It is used to distinguish test classes from other classes and avoid false positives. By default, any class, that has "Test" in its name, is considered a test class. -
The Java rule CommentDefaultAccessModifier (
java-codestyle) allows now by default the comment "/* package */in addition to "/* default */. This behavior can still be adjusted by setting the propertyregex.
Fixed Issues
- all
- java
- #672: [java] Support exact type matches for type resolution from XPath
- #743: [java] Prepare for Java 10
- #1077: [java] Analyzing enum with lambda passed in constructor fails with "The enclosing scope must exist."
- #1115: [java] Simplify xpath typeof syntax
- #1131: [java] java.lang.ClassFormatError: Absent Code attribute in method that is not native or abstract in class file javax/faces/application/FacesMessage$Severity
- java-bestpractices
- java-codestyle
- #720: [java] ShortVariable should whitelist lambdas
- #955: [java] Detect identical catch statements
- #1114: [java] Star import overwritten by explicit import is not correctly handled
- #1064: [java] ClassNamingConventions suggests to add Util suffix for simple exception wrappers
- #1065: [java] ClassNamingConventions shouldn't prohibit numbers in class names
- #1067: [java] [6.3.0] PrematureDeclaration false-positive
- #1096: [java] ClassNamingConventions is too ambitious on finding utility classes
- java-design
- java-performance
- doc
- vf-security
- #1100: [vf] URLENCODE is ignored as valid escape method
API Changes
- The following classes in package
net.sourceforge.pmd.benchmarkhave been deprecated:Benchmark,Benchmarker,BenchmarkReport,BenchmarkResult,RuleDuration,StringBuilderCRandTextReport. Their API is not supported anymore and is disconnected from the internals of PMD. Use the newer API based aroundTimeTrackerinstead, which can be found in the same package. - The class
net.sourceforge.pmd.lang.java.xpath.TypeOfFunctionhas been deprecated. Use the newerTypeIsFunctionin the same package. - The
typeofmethdos innet.sourceforge.pmd.lang.java.xpath.JavaFunctionshave been deprecated. Use the newertypeIsmethod in the same class instead.. - The methods
isA,isEitherandisNeitherofnet.sourceforge.pmd.lang.java.typeresolution.TypeHelper. Use the newisExactlyAnyandisExactlyNonemethods in the same class instead.
External Contributions
- #966: [java] Issue [#955]: add new rule to detect identical catch statement - Clément Fournier and BBG
- #1046: [java] New security rule for finding hard-coded keys used for cryptographic operations - Sergey Gorbaty
- #1101: [java] Fixes false positive for
DoNotExtendJavaLangError- Akshat Bahety - #1106: [vf] URLENCODE is ignored as valid escape method - Robert Sösemann
- #1126: [java] Improve implementation hint in InefficientEmptyStringCheck - krichter722
- #1129: [java] Adjust InefficientEmptyStringCheck documentation - krichter722
- #1137: [ui] Removes the need for RefreshAST - Akshat Bahety