We are continuously adding new functionality and improving Qodana, our code quality platform. To keep you updated about what’s new, we’re starting a series of regular release blog posts with the major release of Qodana 2022.1.
License audit has been an extra linter that had to be configured separately from the main linters. It now comes with Qodana out of the box. We also added a bunch of new and useful inspections for PHP and JVM linters. Read on to learn more!
License audit
Legal and compliance penalties for invalid or inappropriately used licenses in your code can be extremely costly. With Qodana, you can scan dependencies in your code repository to find their licenses and see whether there are any potential issues.
With this release, we’ve made it easy to bring license auditing into your project and make it a part of your CI/CD pipeline. The new License audit feature is available for all linters, including Python, Java, Kotlin, PHP, and JavaScript.
To enable License audit, add the following lines to the qodana.yaml
file in your project root:
include:
- name: CheckDependencyLicenses
If you need to ignore a specific dependency in your project, add the following lines:
dependencyIgnores:
- name: "dependency/name"
Read our documentation for more information about custom configurations for License audit and check out this blog post to see how it can streamline working routines for developers, managers, and legal teams.
PHP inspections
This version of Qodana brings all of the new inspections from PhpStorm 2022.1 and adds them to your pipeline with our PHP linters. PhpStorm comes bundled with Qodana, so when Qodana notifies you about an issue in your code, you can open it right in your IDE for further investigation.
Duplicate array key
The behavior of array_merge()
and merging with the +
operator are different from each other in PHP. The latter will not override the value if the key is duplicated. This can lead to confusion and bugs, so Qodana for PHP now highlights such cases.
Usage of count($array) as array index
When appending an item to an array, there is no need to explicitly specify the index. Qodana for PHP can warn you about the redundant count()
call.
Replace pow() call with **
PHP has had an **
exponentiation operator available since version 5.6. Qodana for PHP will suggest a quick-fix right in PhpStorm (Alt+Enter) to replace the old pow()
calls with the ** operator.
Read-only properties
Private properties with read-only access inside a class can be declared with the readonly
flag. Qodana for PHP will suggest updating the property declaration.
Final class constants
Starting with PHP 8.1, it is possible to declare constants as final. This is why Qodana for PHP will warn you about constants that are not inherited and suggest adding a final
modifier to them. With the PhpStorm integration, you can quickly jump to the IDE to fix the issue.
rand function arguments in reverse order
This inspection highlights function calls from the rand family where the max argument can be less than the min. For example, calling rand(10, 1)
is the same as calling rand(1, 10)
, but mt_rand()
is strict about the order of its arguments.
Invalid mock target with PHPUnit
Qodana for PHP will warn you when you try to access a private or final method on a mock object.
Redundant modifier
This new inspection will report modifiers that are used in regular expression patterns but do not affect the match:
-
/i
(case insensitivity) in patterns that contain no letters. -
/D
(PCRE_DOLLAR_ENDONLY) in patterns that do not contain a dollar sign or that contain the\m
(PCRE_MULTILINE) modifier. -
/s
(dot matches line breaks) in patterns that contain no dots.
Unsupported modifier
This inspection will report usages of the /e
modifier, which is deprecated in PHP versions 7.0 and later.
Java and Kotlin inspections
This release also adds new inspections from IntelliJ IDEA 2022.1 to Qodana for JVM. With our IntelliJ IDEA integration, if any issues are found, the erroneous code can be opened right in the IDE for a quick fix.
Let’s take a look at the most notable inspections.
Suspicious back reference
Qodana for JVM will find references that will not be resolvable at runtime.This means that the back reference can never match anything. A back reference will not be resolvable when the group is defined after the back reference, or if the group is defined in a different branch of an alternation.
‘InputStream’ and ‘OutputStream’ can be constructed using ‘Files’ methods
This inspection reports FileInputStream
and FileOutputStream
constructors when they can be replaced with Files.newInputStream()
and Files.newOutputStream()
, respectively. Streams created using Files
methods are usually more efficient than those created by stream constructors.
Redundant @ScheduledForRemoval annotation
Qodana for JVM will warn you about the usage of @ApiStatus.ScheduledForRemoval
annotations without the inVersion
attribute, which targets Java 9 or a newer version of Java. It will suggest replacing such usages with the forRemoval
attribute in the @Deprecated
annotation to simplify your code.
Bulk ‘Files.readAttributes’ calls can be used instead of multiple file attribute calls
This inspection finds places where multiple java.io.File attribute checks, such as isDirectory
, isFile
, lastModified
, or length
, are used in a row. These calls can be replaced with a bulk Files.readAttributes
call. The bulk method is usually more performant than multiple attribute checks.
Loop can be replaced with ‘List.replaceAll()’
This inspection reports loops that can be collapsed into a single List.replaceAll()
call.
Number of placeholders does not match the number of arguments in logging call
Qodana for JVM will report SLF4J
or Log4j 2
logging calls, such as logger.info(\"{}: {}\", key)
, where the number of {}
placeholders in the logger message doesn’t match the number of other arguments in the logging call.
Regular expressions can be simplified
This inspection detects regular expressions that can be simplified.
To exclude certain inspections from your analysis, you can customize your default inspection profile or create a brand new one. You may also want to enforce inspections that are important to your coding guidelines or best practices. Check out our Qodana documentation for more information.
That’s all that is new in Qodana 2022.1! We hope you’ll find our release blog posts useful. If you have any suggestions for future blog topics or if you want to learn more about how Qodana can help you and your business, post a comment here, tag us on Twitter, or contact us at qodana-support@jetbrains.com.
Your Qodana team
Top comments (0)