Qodana 2022.1 Is Available

khramushina

Anastasia

Posted on May 12, 2022

Qodana 2022.1 Is Available

We are continuously adding new functionality and improving Qodana, our code quality platform. To keep you updated about what’s new, we’re starting a series of regular release blog posts with the major release of Qodana 2022.1.

License audit has been an extra linter that had to be configured separately from the main linters. It now comes with Qodana out of the box. We also added a bunch of new and useful inspections for PHP and JVM linters. Read on to learn more!

GET STARTED WITH QODANA

License audit

Legal and compliance penalties for invalid or inappropriately used licenses in your code can be extremely costly. With Qodana, you can scan dependencies in your code repository to find their licenses and see whether there are any potential issues.

Qodana License Audit in action

With this release, we’ve made it easy to bring license auditing into your project and make it a part of your CI/CD pipeline. The new License audit feature is available for all linters, including Python, Java, Kotlin, PHP, and JavaScript.

To enable License audit, add the following lines to the qodana.yaml file in your project root:

include:
  - name: CheckDependencyLicenses
Enter fullscreen mode Exit fullscreen mode

If you need to ignore a specific dependency in your project, add the following lines:

dependencyIgnores:
- name: "dependency/name"
Enter fullscreen mode Exit fullscreen mode

Read our documentation for more information about custom configurations for License audit and check out this blog post to see how it can streamline working routines for developers, managers, and legal teams.

PHP inspections

This version of Qodana brings all of the new inspections from PhpStorm 2022.1 and adds them to your pipeline with our PHP linters. PhpStorm comes bundled with Qodana, so when Qodana notifies you about an issue in your code, you can open it right in your IDE for further investigation.

Duplicate array key

The behavior of array_merge() and merging with the + operator are different from each other in PHP. The latter will not override the value if the key is duplicated. This can lead to confusion and bugs, so Qodana for PHP now highlights such cases.

Usage of count($array) as array index

When appending an item to an array, there is no need to explicitly specify the index. Qodana for PHP can warn you about the redundant count() call.

Replace pow() call with **

PHP has had an ** exponentiation operator available since version 5.6. Qodana for PHP will suggest a quick-fix right in PhpStorm (Alt+Enter) to replace the old pow() calls with the ** operator.

Read-only properties

Private properties with read-only access inside a class can be declared with the readonly flag. Qodana for PHP will suggest updating the property declaration.

Final class constants

Starting with PHP 8.1, it is possible to declare constants as final. This is why Qodana for PHP will warn you about constants that are not inherited and suggest adding a final modifier to them. With the PhpStorm integration, you can quickly jump to the IDE to fix the issue.

rand function arguments in reverse order

This inspection highlights function calls from the rand family where the max argument can be less than the min. For example, calling rand(10, 1) is the same as calling rand(1, 10), but mt_rand() is strict about the order of its arguments.

Invalid mock target with PHPUnit

Qodana for PHP will warn you when you try to access a private or final method on a mock object.

Redundant modifier

This new inspection will report modifiers that are used in regular expression patterns but do not affect the match:

  • /i(case insensitivity) in patterns that contain no letters.
  • /D (PCRE_DOLLAR_ENDONLY) in patterns that do not contain a dollar sign or that contain the \m (PCRE_MULTILINE) modifier.
  • /s(dot matches line breaks) in patterns that contain no dots.

Unsupported modifier

This inspection will report usages of the /e modifier, which is deprecated in PHP versions 7.0 and later.

Java and Kotlin inspections

This release also adds new inspections from IntelliJ IDEA 2022.1 to Qodana for JVM. With our IntelliJ IDEA integration, if any issues are found, the erroneous code can be opened right in the IDE for a quick fix.

Let’s take a look at the most notable inspections.

Suspicious back reference

Qodana for JVM will find references that will not be resolvable at runtime.This means that the back reference can never match anything. A back reference will not be resolvable when the group is defined after the back reference, or if the group is defined in a different branch of an alternation.

‘InputStream’ and ‘OutputStream’ can be constructed using ‘Files’ methods

This inspection reports FileInputStream and FileOutputStream constructors when they can be replaced with Files.newInputStream() and Files.newOutputStream(), respectively. Streams created using Files methods are usually more efficient than those created by stream constructors.

Redundant @ScheduledForRemoval annotation

Qodana for JVM will warn you about the usage of @ApiStatus.ScheduledForRemoval annotations without the inVersion attribute, which targets Java 9 or a newer version of Java. It will suggest replacing such usages with the forRemoval attribute in the @Deprecated annotation to simplify your code.

Bulk ‘Files.readAttributes’ calls can be used instead of multiple file attribute calls

This inspection finds places where multiple java.io.File attribute checks, such as isDirectory, isFile, lastModified, or length, are used in a row. These calls can be replaced with a bulk Files.readAttributes call. The bulk method is usually more performant than multiple attribute checks.

Loop can be replaced with ‘List.replaceAll()’

This inspection reports loops that can be collapsed into a single List.replaceAll() call.

Number of placeholders does not match the number of arguments in logging call

Qodana for JVM will report SLF4J or Log4j 2 logging calls, such as logger.info(\"{}: {}\", key), where the number of {} placeholders in the logger message doesn’t match the number of other arguments in the logging call.

Regular expressions can be simplified

This inspection detects regular expressions that can be simplified.

To exclude certain inspections from your analysis, you can customize your default inspection profile or create a brand new one. You may also want to ​​enforce inspections that are important to your coding guidelines or best practices. Check out our Qodana documentation for more information.

That’s all that is new in Qodana 2022.1! We hope you’ll find our release blog posts useful. If you have any suggestions for future blog topics or if you want to learn more about how Qodana can help you and your business, post a comment here, tag us on Twitter, or contact us at qodana-support@jetbrains.com.

Your Qodana team

💖 💪 🙅 🚩
khramushina
Anastasia

Posted on May 12, 2022

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

Qodana 2022.1 Is Available
java Qodana 2022.1 Is Available

May 12, 2022