db* CODECOP v4.2.3

Fixed

• PLSQLCOP-403: Possible NPE while checking G-5060/G-56: Avoid unhandled exceptions (CWE 476)

  • There are no known problems, but it is theoretically possible.

• PLSQLCOP-404: Possible NPE while checking G-4250: Avoid using identical conditions in different branches of the same IF or CASE statement (CWE 476)

  • There are no known problems, but it is theoretically possible.

• PLSQLCOP-408: Parse errors when using parallel_enable clause with hash/range/value

  • Only ANY worked. All other variants lead to parser errors.

    

• PLSQLCOP-411: NOSONAR marker not considered within line

  • The NOSONAR marker is now recognized on every position in the line.
  • Previously the NOSONAR marker was recognized only after the column position of the reported violation.

• PLSQLCOP-414/PLSQLCOP-416: CVE-2021-44228 – Log4j 2 vulnerability

  • Updated log4j library to version 2.16.0.
  • For more information see:
    • https://www.lunasec.io/docs/blog/log4j-zero-day/
    • https://www.randori.com/blog/cve-2021-44228/
    • https://github.com/mergebase/log4j-detector
    • https://logging.apache.org/log4j/2.x/changes-report.html#a2.16.0
    • https://community.sonarsource.com/t/sonarqube-sonarcloud-and-the-log4j-vulnerability/54721