Qodana 2022.1 Is Available #90
tiulpin
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Originally published at blog.jetbrains.com on May 12
We are continuously adding new functionality and improving Qodana, our code quality platform. To keep you updated about what’s new, we’re starting a series of regular release blog posts with the major release of Qodana 2022.1.
License audit has been an extra linter that had to be configured separately from the main linters. It now comes with Qodana out of the box. We also added a bunch of new and useful inspections for PHP and JVM linters. Read on to learn more!
GET STARTED WITH QODANA
License audit
Legal and compliance penalties for invalid or inappropriately used licenses in your code can be extremely costly. With Qodana, you can scan dependencies in your code repository to find their licenses and see whether there are any potential issues.
With this release, we’ve made it easy to bring license auditing into your project and make it a part of your CI/CD pipeline. The new License audit feature is available for all linters, including Python, Java, Kotlin, PHP, and JavaScript.
To enable License audit, add the following lines to the
qodana.yaml
file in your project root:If you need to ignore a specific dependency in your project, add the following lines:
Read our documentation for more information about custom configurations for License audit and check out this blog post to see how it can streamline working routines for developers, managers, and legal teams.
PHP inspections
This version of Qodana brings all of the new inspections from PhpStorm 2022.1 and adds them to your pipeline with our PHP linters. PhpStorm comes bundled with Qodana, so when Qodana notifies you about an issue in your code, you can open it right in your IDE for further investigation.
Duplicate array key
The behavior of
array_merge()
and merging with the+
operator are different from each other in PHP. The latter will not override the value if the key is duplicated. This can lead to confusion and bugs, so Qodana for PHP now highlights such cases.Usage of count($array) as array index
When appending an item to an array, there is no need to explicitly specify the index. Qodana for PHP can warn you about the redundant
count()
call.Replace pow() call with **
PHP has had an
**
exponentiation operator available since version 5.6. Qodana for PHP will suggest a quick-fix right in PhpStorm (Alt+Enter) to replace the oldpow()
calls with the ** operator.Read-only properties
Private properties with read-only access inside a class can be declared with the
readonly
flag. Qodana for PHP will suggest updating the property declaration.Final class constants
Starting with PHP 8.1, it is possible to declare constants as final. This is why Qodana for PHP will warn you about constants that are not inherited and suggest adding a
final
modifier to them. With the PhpStorm integration, you can quickly jump to the IDE to fix the issue.rand function arguments in reverse order
This inspection highlights function calls from the rand family where the max argument can be less than the min. For example, calling
rand(10, 1)
is the same as callingrand(1, 10)
, butmt_rand()
is strict about the order of its arguments.Invalid mock target with PHPUnit
Qodana for PHP will warn you when you try to access a private or final method on a mock object.
Redundant modifier
This new inspection will report modifiers that are used in regular expression patterns but do not affect the match:
/i
(case insensitivity) in patterns that contain no letters./D
(PCRE_DOLLAR_ENDONLY) in patterns that do not contain a dollar sign or that contain the\m
(PCRE_MULTILINE) modifier./s
(dot matches line breaks) in patterns that contain no dots.Unsupported modifier
This inspection will report usages of the
/e
modifier, which is deprecated in PHP versions 7.0 and later.Java and Kotlin inspections
This release also adds new inspections from IntelliJ IDEA 2022.1 to Qodana for JVM. With our IntelliJ IDEA integration, if any issues are found, the erroneous code can be opened right in the IDE for a quick fix.
Let’s take a look at the most notable inspections.
Suspicious back reference
Qodana for JVM will find references that will not be resolvable at runtime.This means that the back reference can never match anything. A back reference will not be resolvable when the group is defined after the back reference, or if the group is defined in a different branch of an alternation.
‘InputStream’ and ‘OutputStream’ can be constructed using ‘Files’ methods
This inspection reports
FileInputStream
andFileOutputStream
constructors when they can be replaced withFiles.newInputStream()
andFiles.newOutputStream()
, respectively. Streams created usingFiles
methods are usually more efficient than those created by stream constructors.Redundant @ScheduledForRemoval annotation
Qodana for JVM will warn you about the usage of
@ApiStatus.ScheduledForRemoval
annotations without theinVersion
attribute, which targets Java 9 or a newer version of Java. It will suggest replacing such usages with theforRemoval
attribute in the@Deprecated
annotation to simplify your code.Bulk ‘Files.readAttributes’ calls can be used instead of multiple file attribute calls
This inspection finds places where multiple java.io.File attribute checks, such as
isDirectory
,isFile
,lastModified
, orlength
, are used in a row. These calls can be replaced with a bulkFiles.readAttributes
call. The bulk method is usually more performant than multiple attribute checks.Loop can be replaced with ‘List.replaceAll()’
This inspection reports loops that can be collapsed into a single
List.replaceAll()
call.Number of placeholders does not match the number of arguments in logging call
Qodana for JVM will report
SLF4J
orLog4j 2
logging calls, such aslogger.info(\"{}: {}\", key)
, where the number of{}
placeholders in the logger message doesn’t match the number of other arguments in the logging call.Regular expressions can be simplified
This inspection detects regular expressions that can be simplified.
To exclude certain inspections from your analysis, you can customize your default inspection profile or create a brand new one. You may also want to enforce inspections that are important to your coding guidelines or best practices. Check out our Qodana documentation for more information.
That’s all that is new in Qodana 2022.1! We hope you’ll find our release blog posts useful. If you have any suggestions for future blog topics or if you want to learn more about how Qodana can help you and your business, post a comment here, tag us on Twitter, or contact us at [email protected].
Your Qodana team
Beta Was this translation helpful? Give feedback.
All reactions