db* CODECOP v4.4.0

New / Changed

Common

• The generic issue import JSON file now contains a type attribute (BUG, CODE_SMELL, VULNERABILITY) which will be considered in SonarQube versions 7, 8 and 9. SonarQube 10 introduced new concepts based on clean code attributes, which are not compatible with the type used in preceding versions.

• Changed error message for E-0002/E-02 to Syntax error. Please check the limitations and contact the author if the code can be compiled successfully in your environment. (Trivadis/plsql-cop-sqldev#19).

• Documented limitations regarding unquoted identifiers (Trivadis/plsql-cop-sqldev#19)

• Included preview/trial license is valid thru 2025-01-01

Validators

• All validator checks are based on PL/SQL & SQL Coding Guidelines Version 4.3.
• New guidelines, applicable in an Oracle Database 23c only:
  • G-3182: Always specify column names instead of positional references in GROUP BY clauses.
  • G-3183: Always specify column aliases instead of expressions in GROUP BY clauses.
• Updated guideline G-1050: Avoid using literals in your code.
  • An issue reported only when the threshold number per literal is reached.
  • The default threshold is 2, this means no issue is reported if a literal is used once within a file.
  • The default threshold can be overridden via the Java system property cop.1050.threshold.
• Updated guideline G-8310: Always validate input parameter size by assigning the parameter to a size limited variable in the declaration section of program unit.
  • Violations are reported only when the parameter type contains char, dec, interval, number, numeric, %type.
  • For these data types the length is not defined and therefore assigning it to a size limited variable makes sense.
  • However, for %type definitions there are still false positives possible when the underlying data type does not contain a size limiting component.
  • %type definitions cannot be resolved with static code analysis based on a single file scope.
• Updated severity (blocker, critical, major, minor, info) of most guidelines.
  • Assessing the maintenance cost leads to a severity between info and critical, but never blocker.
  • If a violation of an issue may impact the resource usage (CPU, memory, runtime performance) the severity is at least critical.
  • If a violation of an issue may lead to an incorrect result or a runtime exception the severity is defined as blocker. The issue is considered a bug.
• Private methods in validators are declared now as protected to simplify overriding them in custom validators.

Grammars

• Updated PL/SQL editor plugin for Eclipse.

Fixed

Grammars

• Parse error when using overriding in a map member function in type body

Validators

• G-7330 False positive when an out parameter is populated in a bulk collect into clause (Trivadis/plsql-cop-sqldev#19).