An extensible multilanguage static code analyzer.
The PMD team is pleased to announce PMD 6.50.0.
This is a minor release.
This release of PMD adds support for Luau, a gradually typed language derived from Lua. This means, that the Lua language in PMD can now parse both Lua and Luau.
UnusedPrivateField now ignores private fields, if the fields are
annotated with any annotation or the enclosing class has any annotation. Annotations often enable a
framework (such as dependency injection, mocking or e.g. Lombok) which use the fields by reflection or other
means. This usage can't be detected by static code analysis. Previously these frameworks where explicitly allowed
by listing their annotations in the property "ignoredAnnotations", but that turned out to be prone of false
positive for any not explicitly considered framework. That's why the property "ignoredAnnotations" has been
deprecated for this rule.CommentDefaultAccessModifier now by default ignores JUnit5 annotated
methods. This behavior can be customized using the property ignoredAnnotations.--ignore-literal-sequences argument when analyzing Lua code.Many thanks to our sponsors:
The PMD team is pleased to announce PMD 6.49.0.
This is a minor release.
This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog.
In order to reduce the dependency on Apex Jorje classes, the following methods have been deprecated. These methods all leaked internal Jorje enums. These enums have been replaced now by enums the PMD's AST package.
ASTAssignmentExpression#getOperator
ASTBinaryExpression#getOperator
ASTBooleanExpression#getOperator
ASTPostfixExpression#getOperator
ASTPrefixExpression#getOperator
All these classes have now a new getOp() method. Existing code should be refactored to use this method instead.
It returns the new enums, like AssignmentOperator, and avoids
the dependency to Jorje.
ast package - @eklimoThe PMD team is pleased to announce PMD 6.48.0.
This is a minor release.
This release of PMD brings support for Java 19. There are no new standard language features.
PMD supports JEP 427: Pattern Matching for switch (Third Preview) and JEP 405: Record Patterns (Preview) as preview language features.
In order to analyze a project with PMD that uses these language features,
you'll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language
version 19-preview:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 19-preview ...
Note: Support for Java 17 preview language features have been removed. The version "17-preview" is no longer available.
Thanks to the contribution from Anne Brouwers PMD now has CPD support for the Gherkin language. It is used to defined test cases for the Cucumber testing tool for behavior-driven development.
Being based on a proper Antlr grammar, CPD can:
--debug flag--debug. This option has the same behavior as in PMD. It enables more verbose
logging output.isRegressionTest of test-code is deprecated. The new
attribute disabled should be used instead for defining whether a rule test should be skipped or not.reinitializeRule and useAuxClasspath of test-code are deprecated and assumed true.
They will not be replaced.focused of test-code allows disabling all tests except the focused one temporarily.ASTGuardedPattern has been deprecated and
will be removed. It was introduced for Java 17 and Java 18 Preview as part of pattern matching for switch,
but it is no longer supported with Java 19 Preview.CPDRenderer is deprecated. For custom CPD renderers
the new interface CPDReportRenderer should be used.TestDescriptor is deprecated, replaced with RuleTestDescriptor.RuleTst have been deprecated as internal API.Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi annotation. You'll also get a deprecation warning.
CPDConfiguration#setRenderer
CPDConfiguration#setCPDRenderer
CPDConfiguration#getRenderer
CPDConfiguration#getCPDRenderer
CPDConfiguration#getRendererFromString
CPDConfiguration#getCPDRendererFromString
CPDRendererAdapter
Many thanks to our sponsors:
The PMD team is pleased to announce PMD 6.47.0.
This is a minor release.
No changes.
The PMD team is pleased to announce PMD 6.46.0.
This is a minor release.
The PMD CLI now allows repeating the --dir (-d) and --rulesets (-R) options,
as well as providing several space-separated arguments to either of them. For instance:
pmd -d src/main/java src/test/java -R rset1.xml -R rset2.xml
This also allows globs to be used on the CLI if your shell supports shell expansion. For instance, the above can be written
pmd -d src/*/java -R rset*.xml
Please use theses new forms instead of using comma-separated lists as argument to these options.
When executing CPD on C# sources, the option --ignore-annotations is now supported as well.
It ignores C# attributes when detecting duplicated code. This option can also be enabled via
the CPD GUI. See #3974 for details.
This release ships with 2 new Java rules.
EmptyControlStatement reports many instances of empty things, e.g. control statements whose
body is empty, as well as empty initializers.
EmptyControlStatement also works for empty for and do loops, while there were previously
no corresponding rules.
This new rule replaces the rules EmptyFinallyBlock, EmptyIfStmt, EmptyInitializer, EmptyStatementBlock, EmptySwitchStatements, EmptySynchronizedBlock, EmptyTryBlock, and EmptyWhileStmt.
<rule ref="category/java/codestyle.xml/EmptyControlStatement"/>
The rule is part of the quickstart.xml ruleset.
UnnecessarySemicolon reports semicolons that are unnecessary (so called "empty statements"
and "empty declarations").
This new rule replaces the rule EmptyStatementNotInLoop.
<rule ref="category/java/codestyle.xml/UnnecessarySemicolon"/>
The rule is part of the quickstart.xml ruleset.
EmptyControlStatement merges their functionality:
EmptyStatementNotInLoop is deprecated and removed from the quickstart
ruleset. Use the new rule UnnecessarySemicolon instead.Ruleset references with the following formats are now deprecated and will produce a warning when used on the CLI or in a ruleset XML file:
<lang-name>-<ruleset-name>, eg java-basic, which resolves to rulesets/java/basic.xml
600, which resolves to rulesets/releases/600.xml
Use the explicit forms of these references to be compatible with PMD 7.
toString is now deprecated. The format of this
method will remain the same until PMD 7. The deprecation is intended to steer users
away from relying on this format, as it may be changed in PMD 7.getInputPaths and
setInputPaths are now deprecated.
A new set of methods have been added, which use lists and do not rely on comma splitting.Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi annotation. You'll also get a deprecation warning.
CPDCommandLineInterface has been internalized. In order to execute CPD either
CPD#run or CPD#main
should be used.BaseCPDCLITest have been deprecated with replacements.Formatter#start,
Formatter#end, Formatter#getRenderer,
and Formatter#isNoOutputSupplied have been internalized.The PMD team is pleased to announce PMD 6.45.0.
This is a minor release.
Help shape the future of PMD by telling us how you use it.
Our little survey is still open in case you didn't participate yet. Please participate in our survey at https://forms.gle/4d8r1a1RDzfixHDc7.
Thank you!
This version of PMD ships a new language module to support analyzing of HTML. Support for HTML is experimental and might change without notice. The language implementation is not complete yet and the AST doesn't look well for text nodes and comment nodes and might be changed in the future. You can write your own rules, but we don't guarantee that the rules work with the next (minor) version of PMD without adjustments.
Please give us feedback about how practical this new language is in discussions. Please report missing features or bugs as new issues.
AvoidInlineStyles finds elements which use a style attribute.
In order to help maintaining a webpage it is considered good practice to separate content and styles. Instead
of inline styles one should use CSS files and classes. <rule ref="category/html/bestpractices.xml/AvoidInlineStyles" />
UnnecessaryTypeAttribute finds "link" and "script" elements which
still have a "type" attribute. This is not necessary anymore since modern browsers automatically use CSS and
JavaScript. <rule ref="category/html/bestpractices.xml/UnnecessaryTypeAttribute" />
UseAltAttributeForImages finds "img" elements without an "alt"
attribute. An alternate text should always be provided in order to help screen readers. <rule ref="category/html/bestpractices.xml/UseAltAttributeForImages" />
UnusedPrivateField has a new property ignoredFieldNames.
The default ignores serialization-specific fields (eg serialVersionUID).
The property can be used to ignore more fields based on their name.
Note that the rule used to ignore fields named IDENT, but doesn't anymore (add this value to the property to restore the old behaviour).Report#filterViolations creates a new report with
some violations removed with a given predicate based filter.Report#union can combine two reports into a single new Report.net.sourceforge.pmd.util.Predicate will be replaced in PMD7 with the standard Predicate interface from java8.pmd-html is entirely experimental right now. Anything in the package
net.sourceforge.pmd.lang.html should be used cautiously.The PMD team is pleased to announce PMD 6.44.0.
This is a minor release.
Help shape the future of PMD by telling us how you use it.
Please participate in our survey at https://forms.gle/4d8r1a1RDzfixHDc7.
Thank you!
This release of PMD brings support for Java 18. There are no new standard language features.
PMD also supports JEP 420: Pattern Matching for switch (Second Preview) as a preview language feature. In order to analyze a project with PMD that uses these language features, you'll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language version 18-preview:
export PMD_JAVA_OPTS=--enable-preview
./run.sh pmd -language java -version 18-preview ...
Note: Support for Java 16 preview language features have been removed. The version "16-preview" is no longer available.
The new rule class DomXPathRule is intended to replace usage of the XPathRule for XML rules. This rule executes the XPath query in a different way, which sticks to the XPath specification. This means the expression is interpreted the same way in PMD as in all other XPath development tools that stick to the standard. You can for instance test the expression in an online XPath editor.
Prefer using this class to define XPath rules: replace the value of the class attribute with net.sourceforge.pmd.lang.xml.rule.DomXPathRule like so:
<rule name="MyXPathRule"
language="xml"
message="A message"
class="net.sourceforge.pmd.lang.xml.rule.DomXPathRule">
<properties>
<property name="xpath">
<value><![CDATA[
/a/b/c[@attr = "5"]
]]></value>
</property>
<!-- Note: the property "version" is ignored, remove it. The query is XPath 2. -->
</properties>
</rule>
The rule is more powerful than XPathRule, as it can now handle XML namespaces, comments and processing instructions. Please refer to the Javadoc of DomXPathRule for information about the differences with XPathRule and examples.
XPathRule is still perfectly supported for all other languages, including Apex and Java.
The new XPath functions pmd:startLine, pmd:endLine, pmd:startColumn, and pmd:endColumn are now available in XPath rules for all languages. They replace the node attributes @BeginLine, @EndLine and such. These attributes will be deprecated in a future release.
Please refer to the documentation of these functions for more information, including usage samples.
Note that the function pmd:endColumn returns an exclusive index, while the attribute @EndColumn is inclusive. This is for forward compatibility with PMD 7, which uses exclusive end indices.
This release introduces a new programmatic API to replace the inflexible PMD class.
Programmatic execution of PMD should now be done with a PMDConfiguration and a PmdAnalysis, for instance:
PMDConfiguration config = new PMDConfiguration();
config.setDefaultLanguageVersion(LanguageRegistry.findLanguageByTerseName("java").getVersion("11"));
config.setInputPaths("src/main/java");
config.prependAuxClasspath("target/classes");
config.setMinimumPriority(RulePriority.HIGH);
config.addRuleSet("rulesets/java/quickstart.xml");
config.setReportFormat("xml");
config.setReportFile("target/pmd-report.xml");
try (PmdAnalysis pmd = PmdAnalysis.create(config)) {
// note: don't use `config` once a PmdAnalysis has been created.
// optional: add more rulesets
pmd.addRuleSet(pmd.newRuleSetLoader().loadFromResource("custom-ruleset.xml"));
// optional: add more files
pmd.files().addFile(Paths.get("src", "main", "more-java", "ExtraSource.java"));
// optional: add more renderers
pmd.addRenderer(renderer);
// or just call PMD
pmd.performAnalysis();
}
The PMD class still supports methods related to CLI execution: runPmd and main. All other members are now deprecated for removal. The CLI itself remains compatible, if you run PMD via command-line, no action is required on your part.
Several members of PMD have been newly deprecated, including:
PMD#EOL: use System#lineSeparator()
PMD#SUPPRESS_MARKER: use DEFAULT_SUPPRESS_MARKER
PMD#processFiles: use the new programmatic API
PMD#getApplicableFiles: is internalPMDConfiguration#prependClasspath is deprecated
in favour of prependAuxClasspath.
PMDConfiguration#setRuleSets and
getRuleSets are deprecated. Use instead
setRuleSets,
addRuleSet,
and getRuleSetPaths.
Several members of BaseCLITest have been deprecated with replacements.
Several members of PMDCommandLineInterface have been explicitly deprecated.
The whole class however was deprecated long ago already with 6.30.0. It is internal API and should
not be used.
In modelica, the rule classes AmbiguousResolutionRule
and ConnectUsingNonConnector have been deprecated,
since they didn't comply to the usual rule class naming conventions yet.
The replacements are in the subpackage bestpractices.
Together with the new programmatic API the interface
TextFile has been added as experimental. It intends
to replace DataSource and SourceCode in the long term.
This interface will change in PMD 7 to support read/write operations
and other things. You don't need to use it in PMD 6, as FileCollector
decouples you from this. A file collector is available through PmdAnalysis#files.
The PMD team is pleased to announce PMD 6.43.0.
This is a minor release.
!= null as positive conditionSome API deprecations were performed in core PMD classes, to improve compatibility with PMD 7.
Report: the constructor and other construction methods like addViolation or createReportRuleContext: all constructors, getters and setters. A new set
of stable methods, matching those in PMD 7, was added to replace the addViolation
overloads of AbstractRule. In PMD 7, RuleContext will
be the API to report violations, and it can already be used as such in PMD 6.configuration is unused and will be removed.Those APIs are not intended to be used by clients, and will be hidden or removed with PMD 7.0.0.
You can identify them with the @InternalApi annotation. You'll also get a deprecation warning.
RuleSet: methods that serve to apply rules, including apply, start, end, removeDysfunctionalRules
AbstractAccumulatingRenderer#renderFileReport is internal API
and should not be overridden in own renderers.It is now forbidden to report a violation:
null nodenull messagenull set of format arguments (prefer a zero-length array)Note that the message is set from the XML rule declaration, so this is only relevant if you instantiate rules manually.
RuleContext now requires setting the current rule before calling
apply. This is
done automatically by RuleSet#apply and such. Creating and configuring a
RuleContext manually is strongly advised against, as the lifecycle of RuleContext
will change drastically in PMD 7.
The PMD team is pleased to announce PMD 6.42.0.
This is a minor release.
Rhino, the implementation of JavaScript we use for parsing JavaScript code, has been updated to the latest version 1.7.14. Now language features like template strings can be parsed. However Rhino does not support all features of the latest EcmaScript standard.
FinalParameterInAbstractMethod detects parameters that are
declared as final in interfaces or abstract methods. Declaring the parameters as final is useless
because the implementation may choose to not respect it. <rule ref="category/java/codestyle.xml/FinalParameterInAbstractMethod" />
The rule is part of the quickstart.xml ruleset.
ApexDoc has a new property reportProperty.
If set to false (default is true if unspecified) doesn't report missing ApexDoc comments on properties.
It allows you to enforce ApexDoc comments for classes and methods without requiring them for properties.No changes.
The PMD team is pleased to announce PMD 6.41.0.
This is a minor release.
PMD now has its own official GitHub Action: GitHub Action for PMD. It can execute PMD with your own ruleset against your project. It creates a SARIF report which is uploaded as a build artifact. Furthermore the build can be failed based on the number of violations.
Feedback and pull requests are welcome at https://github.com/pmd/pmd-github-action.
This minor release will be the last one in 2021. The next release is scheduled to be end of January 2022.
valueOf(char [], int, int) is usedThe command line options for PMD and CPD now use GNU-syle long options format. E.g. instead of -rulesets the
preferred usage is now --rulesets. Alternatively one can still use the short option -R.
Some options also have been renamed to a more consistent casing pattern at the same time
(--fail-on-violation instead of -failOnViolation).
The old single-dash options are still supported but are deprecated and will be removed with PMD 7.
This change makes the command line interface more consistent within PMD and also less surprising
compared to other cli tools.
The changes in detail for PMD:
| old option | new option |
|---|---|
-rulesets |
--rulesets (or -R) |
-uri |
--uri |
-dir |
--dir (or -d) |
-filelist |
--file-list |
-ignorelist |
--ignore-list |
-format |
--format (or -f) |
-debug |
--debug |
-verbose |
--verbose |
-help |
--help |
-encoding |
--encoding |
-threads |
--threads |
-benchmark |
--benchmark |
-stress |
--stress |
-shortnames |
--short-names |
-showsuppressed |
--show-suppressed |
-suppressmarker |
--suppress-marker |
-minimumpriority |
--minimum-priority |
-property |
--property |
-reportfile |
--report-file |
-force-language |
--force-language |
-auxclasspath |
--aux-classpath |
-failOnViolation |
--fail-on-violation |
--failOnViolation |
--fail-on-violation |
-norulesetcompatibility |
--no-ruleset-compatibility |
-cache |
--cache |
-no-cache |
--no-cache |
The changes in detail for CPD:
| old option | new option |
|---|---|
--failOnViolation |
--fail-on-violation |
-failOnViolation |
--fail-on-violation |
--filelist |
--file-list |