Release early-access

SonarQube compatibility

This version is compatible with SonarQube 9.9 LTS and SonarQube 10.5 Community Edition.

It may work with the commercial editions of SonarQube, but you won't be able to use ZPA and the embedded PL/SQL plugin from SonarSource to analyze the code simultaneously. If you need this scenario, please use zpa-cli instead.

Highlights

First-class support for test and coverage reports generated by utPLSQL

Two new properties specifically designed for consuming test and coverage reports generated by utPLSQL were added:

• sonar.zpa.tests.reportPaths: Use this property to specify the path to the test report(s) (generated using the ut_sonar_test_reporter).
• sonar.zpa.coverage.reportPaths: Similarly, this property allows you to specify the path to the coverage report(s) (generated using the ut_coverage_sonar_reporter).

Previously, importing test and coverage reports into SonarQube required generic properties. However, with the introduction of these new properties, the ZPA plugin can now automatically associate the test and coverage results with the corresponding PL/SQL files. The best part? You won’t need to define any complex object-file mapping rules in the utPLSQL-cli.

By leveraging these properties, is much easier to integrate the utPLSQL reports into your SonarQube analysis pipeline. More information is available in the documentation.

Install/update instructions

• Download the sonar-zpa-plugin-3.5.0-SNAPSHOT.jar and copy it to the SONARQUBE_HOME/extensions/plugins.
• Remove the older plugin from that directory.
• Restart the SonarQube instance.

For custom plugin developers

Binary compatibility is not guaranteed either in between any version number change. Custom plugins should be recompiled against the same version of sonar-zpa-plugin.

Download the zpa-toolkit-3.5.0-SNAPSHOT.jar (requires Java 11+) to test the parser and view the AST.

Full changelog

🚀 Features

• 460e813 grammar: Support JSON constructor (#182), closes #182
• bd12517 Update rule descriptions to display the line differences between compliant and noncompliant code
• 5cfcb8b grammar: Support JSON_QUERY (#182), closes #182
• 3689350 grammar: Support COLLECT function
• 319beef grammar: Support values clause in queries
• d335949 grammar: Support recursive subquery factoring syntax
• bc26d2b grammar: Support timestamp literals
• 30f014f grammar: Support floating-point literals
• 4ef718b Add debug logging on the test and coverage importers
• 59f081f Add "debug" log level
• 7199edc Add firstToken and lastToken to Scope because the "tree" is empty on the scopes added to the global scope
• c7e952d Import coverage reports correctly when the tested file doesn't start with the executed code (#156), closes #156
• b75eecf Import coverage reports from utPLSQL (#156), closes #156
• 5eb4945 Import correctly utPLSQL test reports that contain the paths to the source files (#156), closes #156
• 38b3e1f Introduce a sensor to import utPLSQL test reports (#156), closes #156
• 99f7216 Add a FileLocator component to be used by the utPLSQL report sensor (#156), closes #156
• fdbd43f Expose the global symbol scope to the consumers of AstScanner
• 9579c04 Add a plSqlFile property to ScopeImpl
• 09b8593 Include empty comment lines in the total count of lines of comments
• a256b94 Remove method getSemanticNode and make the Parser build a SemanticAstNode directly

🐛 Fixes

• 338b2ee Fix zpa-checks tests to use Jackson
• 600b4ea Register all the trigger scopes with the type "CREATE_TRIGGER"
• d6ab929 Wait for the thread to terminate before exiting ProgressReport.stop/cancel to ensure that the message 'xxx source files have been analyzed' doesn't appear after the 'Sensor Z PL/SQL Analyzer [plsqlopen] (done)' in SonarScanner.
• 776c766 Ignore coverage for files with no covered lines
• a2983d0 Store the trigger name on the scope correctly
• b4d5a5e grammar: Skip XMLTABLE_OPTIONS node because all components are optional
• b5918c0 Import test result correctly when the report contains the suite path
• 57d5aad Fix comparison on MethodMatcher
• 7114796 Fix broken test
• 83e5d6a Add a subcategory for test and coverage properties instead of creating a new category
• 4355716 Fix the xml mapping of utPLSQL test report

🔄️ Changes

• efc977e Remove unused method
• 0e8bde4 grammar: Move XMLAGG_EXPRESSION to AggregateSqlFunctionsGrammar
• 9c990f2 grammar: Move TREAT_AS_EXPRESSION and SET_EXPRESSION to SingleRowSqlFunctionsGrammar
• 7742599 Prefer raw strings for regexes in PlSqlLexer
• 2ba31ad Abstract some logic from TestResultImporter that will be shared with the coverage importer
• 734b300 Remove unnecessary parameter from UtPlSqlSensor
• 765b2d1 Move the test report importing code to a separate class (#156), closes #156
• c9212cc Rename class UtPlSqlTestSensor to UtPlSqlSensor
• c6d6fd0 Rename property "sonar.zpa.utplsql.reportPaths" to "sonar.zpa.tests.reportPaths" (#156), closes #156
• 6ec05fa Rename FileLocator to ObjectLocator and don't add the number disabled tests to the total of tests (#156), closes #156
• aa7f0fa Reduce memory usage of MethodMatcher
• 1f6af00 Convert NameCriteria to a functional interface
• d9e0702 Remove unnecessary call to Char.lowercaseChar
• 5a7dc47 Replace usages of org.hamcrest.MatcherAssert with com.felipebz.flr.tests.Assertions

🧪 Tests

• 7c8f200 Update integration test expectations

🧰 Tasks

• bba9491 Fix license header

🛠 Build

• 0a7c3b6 Update to Gradle 8.8
• b7b6767 Change shadow plugin to io.github.goooler.shadow
• 938c1ed Simplify the build workflow to avoid rebuilding the project multiple times
• bbc36d6 Update build plugins
• 211e894 deps: Update Kotlin to 2.0.0
• 866854f Fix compilation warnings
• 3389608 Add dependency-submission to GitHub workflow
• 769f728 deps: Use FLR 1.4.0-SNAPSHOT
• 323d9ce Bump project version

📝 Documentation

• 587ae08 Update changelog

Release 3.4.0

SonarQube compatibility

This version is compatible with SonarQube 9.9 LTS and SonarQube 10.5 Community Edition.

It may work with the commercial editions of SonarQube, but you won't be able to use ZPA and the embedded PL/SQL plugin from SonarSource to analyze the code simultaneously. If you need this scenario, please use zpa-cli instead.

Highlights

Install/update instructions

• Download the sonar-zpa-plugin-3.4.0.jar and copy it to the SONARQUBE_HOME/extensions/plugins.
• Remove the older plugin from that directory.
• Restart the SonarQube instance.

For custom plugin developers

Binary compatibility is not guaranteed either in between any version number change. Custom plugins should be recompiled against the same version of sonar-zpa-plugin.

Download the zpa-toolkit-3.4.0.jar (requires Java 11+) to test the parser and view the AST.

Full changelog

🚀 Features

• 7cae5e0 grammar: Improve parsing of ALTER TRIGGER/PROCEDURE/FUNCTION/PACKAGE
• ffa0f67 grammar: Support CREATE/DROP DIRECTORY
• 3f206ed toolkit: Highlight comment nodes when clicking on the corresponding trivia in the AST tree
• d206e03 toolkit: Highlight comment nodes when clicking on the corresponding trivia in the AST tree
• 2d22d47 toolkit: Change the color of the highlighter from gray to a light blueish color
• 5df2de6 grammar: Support TABLE expressions with queries
• 111d864 grammar: Support CURSOR expressions

🐛 Fixes

• 7c1ee44 grammar: Don't consider SELECT_EXPRESSION as a valid expression for all cases, this is necessary to avoid parsing errors like '1 + select 1 from dual' that was being considered valid
• 8344096 Refactor operator handling in PlSqlGrammar (#181), closes #181

🛠 Build

• fc4bc41 Release 3.4.0
• 0485465 Update to Gradle 8.7
• 8c58095 Enable SonarScanner logs
• a8c4658 Change the directory where integration test failures are saved
• 7c573fc Bump project version

📝 Documentation

• 7547f7b Update release template and README

Release 3.3.1

SonarQube compatibility

This version is compatible with SonarQube 9.9 LTS and SonarQube 10.4 Community Edition.

It may work with the commercial editions of SonarQube, but you won't be able to use ZPA and the embedded PL/SQL plugin from SonarSource to analyze the code simultaneously. If you need this scenario, please use zpa-cli instead.

Highlights

Install/update instructions

• Download the sonar-zpa-plugin-3.3.1.jar and copy it to the SONARQUBE_HOME/extensions/plugins.
• Remove the older plugin from that directory.
• Restart the SonarQube instance.

For custom plugin developers

Binary compatibility is not guaranteed either in between any version number change. Custom plugins should be recompiled against the same version of sonar-zpa-plugin.

Download the zpa-toolkit-3.3.1.jar (requires Java 11+) to test the parser and view the AST.

Full changelog

🐛 Fixes

• 7744f16 Fix lexer to correctly handle binding and host/indicator variables (#181), closes #181
• 56b0a67 Fix lexer to correctly handle national character literals (#181), closes #181
• ce1368f Update list of reserved keywords (closes #179), closes #179
• 1254a36 Add missing set operators from Oracle 20c+ (minus all, intersect all, except, and except all)
• e719d2b Check exception declarations in VariableHidingCheck (closes #180), closes #180

🧰 Tasks

• 9c3a4f5 Update .editorconfig

🛠 Build

• ce4fb60 Release 3.3.1
• af6f456 Reintroduce integration tests with the upcoming SonarQube version
• 15ee987 Bump project version
• 20afa2d Bump project version

📝 Documentation

• b60b0e7 Update README
• 9fedad2 Fix link to the SonarScanner docs

Release 3.3.0

SonarQube compatibility

This version is compatible with SonarQube 9.9 LTS and SonarQube 10.4 Community Edition.

It may work with the commercial editions of SonarQube, but you won't be able to use ZPA and the embedded PL/SQL plugin from SonarSource to analyze the code simultaneously. If you need this scenario, please use zpa-cli instead.

Highlights

• The property sonar.zpa.file.suffixes was renamed to sonar.plsqlopen.file.suffixes due to changes in SonarQube 10.4.
• To support the "Analyzers loading optimization" feature from SonarQube 10.4, custom plugins must set the Plugin-RequiredForLanguagesto plsqlopen. See the Gradle example here and the Maven example here.

Install/update instructions

• Download the sonar-zpa-plugin-3.3.0.jar and copy it to the SONARQUBE_HOME/extensions/plugins.
• Remove the older plugin from that directory.
• Restart the SonarQube instance.

For custom plugin developers

Binary compatibility is not guaranteed either in between any version number change. Custom plugins should be recompiled against the same version of sonar-zpa-plugin.

Download the zpa-toolkit-3.3.0.jar (requires Java 11+) to test the parser and view the AST.

Full changelog

🚀 Features

• 25f8dc4 Improve the error messages in PlSqlCheckVerifierTest assertions
• 1399943 Set the attribute "Plugin-RequiredForLanguages" in the plugin manifest to support the "Analyzers loading optimization" feature from SonarQube 10.4
• 5732e53 Rename property "sonar.zpa.file.suffixes" to "sonar.plsqlopen.file.suffixes"
• 84fd1d5 perf: Small improvement in PlSqlCommentAnalyzer.getContents
• 3e7eccf Optimize memory usage when lexing whitespace
• 65c85d7 Optimize memory usage when lexing identifiers
• ffffccb Optimize memory usage when lexing date literals
• e1ccbea Optimize memory usage when lexing string literals
• 5b7bba5 Optimize memory usage when lexing numeric literals
• b853469 Optimize memory usage when lexing comments
• 437b569 Optimize memory usage in RegexPunctuatorChannel by minimizing Regex usage
• 975a8df Replace usages of Enum.values() by Enum.entries (new in Kotlin 1.9)
• 42ec1f0 Add a name property to all datatype classes
• c160256 Add a name property to AssociativeArrayDatatype and RecordDatatype
• 5d21223 Update plsql-custom-plugin example for zpa-cli compatibility
• c8f6249 Add properties to ZpaActiveRule for zpa-cli integration
• e5b0b3f Use Rula and Priority annotations from the zpa-core module on custom rules
• 0bf214f grammar: Support GROUP BY GROUPING SETS (#168), closes #168
• d9989b8 grammar: Support GROUP BY ROLLUP/CUBE

🐛 Fixes

• b7bf156 core: Change plSqlDatatype and plSqlType attributes on SemanticAstNode to non-nullable
• d7e9910 checks: Fix bounds check on ToCharInOrderByCheck (closes #165), closes #165

🔄️ Changes

• 9aa1597 Implement an optimized channel for integers without using regex
• 4aeaed9 Avoid capturing groups on the regexes used by the lexer
• 548d60a Simplify comparison
• eabbf3d Replace internal comparator class by a lambda

🧰 Tasks

• 400eae2 Update license header
• 7efdec5 Remove FUNDING.yml

🛠 Build

• e6a61d8 Release 3.3.0
• c40c9a6 Update to FLR 1.3.0
• 2d01d07 Rename job name from "Integration tests" to "IT" in GitHub Actions workflow
• 4ca6ac6 Update the sonar-orchestrator version and removes the DEV version from the integration tests matrix (because SonarSource made their repository private)
• 68be10a Configure the jvm target in the kotlin plugin
• 4d3acb4 Update to Gradle 8.6
• cce21b9 Run Gradle with JDK 21
• d5e29a3 Enable 'continue-on-error' in GitHub workflow for integration tests
• 97bb37b Set sonar.gradle.skipCompile=true
• f4237dd Update GitHub Actions to use newer versions and revise build commands
• 27b3b2c Update to Gradle 8.5 and Kotlin 1.9.22
• 0a709e2 Update SonarScanner for Gradle to 4.4.1.3373
• 14a4fe5 Use Kotlin 1.9.10
• 601a77a Use JReleaser 1.8.0
• 8544710 Use Gradle 8.4
• 9b2dbe3 Use FLR 1.3.0-SNAPSHOT
• 9d50cc6 Use Gradle 8.3
• f424ffd Update dependencies
• 2ffd9bc Use Gradle 8.2.1
• 4e11c3b Use Gradle 8.2.1
• 73f44e8 Fetch all commits in gh actions
• 1e3a434 Use JReleaser 1.6.0
• a4d329a Use Gradle 8.1.1 on plsql-custom-rules
• a97fb3b Migrate to GitHub Actions
• d227ab7 Update Azure Pipelines tasks
• 0230d10 Use Kotlin 1.8.20 and Gradle 8.1.1
• 8374e9a Remove the minimize step from sonar-zpa-plugin
• 3437b7f Update azure-pipelines.yaml
• b9c400a Update changelog format
• e75920d Use JReleaser 1.5.1
• 3e7a3dd Use Gradle 8.0.2
• aaa6838 core: Refactor TestPlSqlFile to require a File object (#166), closes #166
• d06a10c Update changelog template
• be8fe65 Always use JDK 17 to run the integration tests
• f27e196 Use Gradle 8.0.1
• 832f9f9 Update SonarScanner for Gradle
• 012a82a deps: Bump minimum SonarQube version to 9.9 LTS

📝 Documentation

• a520dd3 Update changelog template
• 7c701c5 Update SonarQube compatibility and add highlights in changelog
• 39b8791 Update compatibility matrix
• 690c2d9 Update README
• f720ea6 Add README to plsql-custom-plugin project
• 092c031 Fix typo
• 7164526 Add CONTRIBUTING.md

Release 3.2.1

SonarQube compatibility

This version supports SonarQube 8.9 LTS and newer.

Please be aware that ZPA is only tested with SonarQube Community Edition. It may work with the commercial editions of SonarQube, but you won't be able to use ZPA and the embedded PL/SQL plugin from SonarSource to analyze the code simultaneously. If you need this scenario, please use zpa-cli instead.

Install/update instructions

• Download the sonar-zpa-plugin-3.2.1.jar and copy it to the SONARQUBE_HOME/extensions/plugins.
• Remove the older plugin from that directory.
• Restart the SonarQube instance.

For custom plugin developers

Binary compatibility is not guaranteed either in between any version number change. Custom plugins should be recompiled against the same version of sonar-zpa-plugin.

Download the zpa-toolkit-3.2.1.jar (requires Java 11+) to test the parser and view the AST.

Changelog

🐛 Fixes

• 28401ad fix(grammar): Accept PARALLEL_ENABLE on functions declarations
• 697d87a fix(grammar): Fix EXISTS_EXPRESSION to parse the subquery correctly

🛠 Build

• 6647196 build: Use Kotlin 1.8.10
• e2daf6d build: Update copyright in license headers
• 6a0640f build: Update copyright in license headers
• 8c4ccd5 build: Use JDK 17 to run integration tests that depends on SonarQube 9.8 or higher
• ea0555e build: Use JReleaser 1.4.0
• 2417982 build: Use Kotlin 1.8.0

Release 3.2.0

SonarQube compatibility

This version supports SonarQube 8.9 LTS and newer.

Please be aware that ZPA is only tested with SonarQube Community Edition. It may work with the commercial editions of SonarQube, but you won't be able to use ZPA and the embedded PL/SQL plugin from SonarSource to analyze the code simultaneously. If you need this scenario, please use zpa-cli instead.

Install/update instructions

• Download the sonar-zpa-plugin-3.2.0.jar and copy it to the SONARQUBE_HOME/extensions/plugins.
• Remove the older plugin from that directory.
• Restart the SonarQube instance.

For custom plugin developers

Binary compatibility is not guaranteed either in between any version number change. Custom plugins should be recompiled against the same version of sonar-zpa-plugin.

Download the zpa-toolkit-3.2.0.jar (requires Java 11+) to test the parser and view the AST.

Changelog

🚀 Features

• 972cbd7 grammar: Support table expression ("table(...)")
• b20d9f0 grammar: Support constraints on custom datatypes (closes #158)
• 7be7f84 grammar: Add EXCEPTION_DECLARATION and classify the exceptions as PlSqlType.EXCEPTION
• 6e339b6 grammar: Add an EXCEPTION_HANDLERS node to group all exception handlers
• b31cb1b grammar: Group parameter declarations under a new PARAMETER_DECLARATIONS node
• 36bee18 grammar: Support extended iterators from Oracle 21c
• 6aab1e4 grammar: Add support for qualified expressions from Oracle 21c
• 94c43b4 toolkit: Add a new tab on zpa-toolkit to show scopes and symbols identified
• 504df79 toolkit: Change zpa-toolkit look and feel
• 25d0d10 toolkit: Implement the "click-to-highlight" feature on the new "symbol tree" on zpa-toolkit
• fee4525 toolkit: Add "Statistics" tab on zpa-toolkit
• 73d0fbc Convert some methods to properties on Scope/Symbol
• eda8399 Improve symbol usage tracker to handle qualified variables (#125)
• 12ff703 Add Symbol.innerScope to simplify the access to the symbols declared inside program units and cursors

🐛 Fixes

• b631d88 grammar: Use MEMBER_EXPRESSION instead of CUSTOM_DATATYPE in REF/ANCHORED_DATATYPE
• 70b1add grammar: Fix CHARACTER_DATATYPE_CONSTRAINT
• 83cada8 Reduce usage of RegexPunctuatorChannel on PlSqlLexer to avoid unnecessary parsing with regexes

🧰 Tasks

• 1e28a5f Bump minimum SonarQube version to 8.9

3.1.1

Fixes:

• "ClassNotFoundException: org.jaxen.saxpath.base.XPathReader" exception on XPath rules (#154).

---

Install/update instructions:

• Copy the sonar-zpa-plugin-3.1.1.jar file to SONARQUBE_HOME/extensions/plugins.
• Remove the older plugin from that directory.
• Restart the SonarQube instance.

For custom plugin developers:

• There are no changes affecting custom plugins.

3.1.0

This version Improves performance on multi-core processors (#153). This option can be disabled through the SonarQube UI on "General Settings" > "Z PL/SQL Analyzer" > "Enable concurrent execution" or setting the property sonar.zpa.concurrentExecution=false.

This version supports SonarQube 7.6 and newer and it's the last release supporting SonarQube 7.6. Please be aware that ZPA is only tested with SonarQube Community Edition. It may work with the commercial editions of SonarQube, but you'll have to choose if you want to use ZPA or SonarPLSQL (from SonarSource). You can't use both plugins to analyze the code simultaneously.

The next release will require SonarQube 8.9 LTS as minimum version.

Install/update instructions:

• Copy only the sonar-zpa-plugin-3.1.0.jar file to the SONARQUBE_HOME/extensions/plugins.
• Remove the older plugin (sonar-plsql-open-plugin*.jar or sonar-zpa*.jar) from that directory.
• Restart the SonarQube instance.

For custom plugin developers:

• There are no changes affecting custom plugins.

3.0.0

New rules:

• Do not use LIKE conditions without wildcards

Other highlights:

• Fix IndexOutOfBoundsException on SelectAllColumnsCheck. (#141)
• Greatly reduce the time needed to parse code that uses ANSI joins (#152)
• Many improvements in the parser.
• Add an example of custom plugin using Gradle.

This version supports SonarQube 7.6 and newer. Please be aware that ZPA is only tested with SonarQube Community Edition. It may work with the commercial editions of SonarQube, but you'll have to choose if you want to use ZPA or SonarPLSQL (from SonarSource). You can't use both plugins to analyze the code simultaneously.

Install/update instructions:

• Copy only the sonar-zpa-plugin-3.0.0.jar file to the SONARQUBE_HOME/extensions/plugins.
• Remove the older plugin (sonar-plsql-open-plugin*.jar) from that directory.
• Restart the SonarQube instance.

For custom plugin developers:

• [BREAKING CHANGE] Custom plugins built against older versions of sonar-plsql-open-plugin must be updated. Please read the documentation for more details: Migrating a plugin from a previous version.

2.4.0

This version supports SonarQube 6.7 and newer and it's the last release supporting SonarQube 6.7. Also note that ZPA is only tested with SonarQube Community Edition. It may work with SonarQube Developer/Enterprise/Data Center Editions, but you'll have to choose between ZPA and SonarPLSQL. If you want a better support for commercial editions of SonarQube please see the issue #133 and contact me.

Some rule improvements, like:

• Ignore BULK COLLECT in SelectAllColumnsCheck (#109)
• Ignore "FETCH cursor" in SelectAllColumnsCheck (#118)
• Ignore "overriding member" in UnusedParameterCheck and EmptyBlockCheck
• Ignore queries with bulk collect in QueryWithoutExceptionHandlingCheck (#128)

Other highlights:

• The old sonar.plsql.* properties are not recognized anymore. Please use sonar.zpa.* in the SonarQube Scanner.
• Many improvements to the parser (i.e. #43, #108, #120, #123, #130, #134).

For custom plugin developers:

• [BREAKING CHANGE] Custom plugins built against older versions of sonar-plsql-open-plugin must be recompiled with the new version.
• Many deprecated methods were removed.
• Fixed typo in package name: org.sonar.plugins.plsqlopen.api.annnotations. -> org.sonar.plugins.plsqlopen.api.annotations.