The JetBrains team is continuously adding new features and improving Qodana – the code quality platform. The new version brings new code inspections and can scan your project dependencies to find their licenses.

License audit was an additional linter that had to be configured separately from the main linters. Now, this functionality is also available in Qodana. Lots of new and useful inspections for PHP and JVM linters have also been added. Keep reading to find out more!

GET STARTED WITH QODANA

Legal and compliance penalties for invalid or inappropriately used licenses in your code can be extremely expensive. With Qodana, you can scan dependencies in your code repository to find their licenses and see if there are any potential issues.

This release makes it easier to introduce license auditing into your project, which becomes part of your CI/CD pipeline. License auditing is available for all linters, including Python, Java, Kotlin, PHP, and JavaScript.

To enable License audit, add the following lines to the qodana.yaml file in the root of your project:

If you need to ignore a specific dependency in your project, add the following lines:

Duplicate array key

The behavior of array_merge() and merging with the + operator is different from each other in PHP. The latter will not override the value if the key is duplicated. This can lead to confusion and bugs, so Qodana for PHP now highlights such cases as well.

Using count($array) as an array index

When appending an item to an array, there is no need to explicitly specify the index. Qodana for PHP can warn you about a redundant count() call.

Replace the pow() call with **

PHP includes the ** exponential operator since version 5.6. Qodana for PHP will propose a quick solution directly in PhpStorm (Alt+Enter) to replace the old pow() calls with the ** operator.

Read-only properties

Private properties with read-only access within a class can be declared with the readonly flag. Qodana for PHP will suggest updating the property declaration.

Final class constants

Starting with PHP 8.1, it is possible to declare constants as final. This is why Qodana for PHP will warn you about non-inherited constants and suggest adding the modifier final to them. With PhpStorm integration, you can quickly jump to the IDE to solve the problem.

rand function arguments in reverse order

This inspection underlines function calls from the rand family where the max argument can be less than min. For example, calling rand(10, 1) is the same as retrieving rand(1, 10), but mt_rand() is strict about the order of its arguments.

Invalid mock target with PHPUnit

Qodana for PHP will warn you when you try to access a private or final method on a mock object.

Redundant modifier

These inspection reports modifiers that are used in regular expressions but do not affect the match:

• /i (case-insensitive) in patterns that do not contain letters
• /D (PCRE_DOLLAR_ENDONLY) in patterns that do not contain a dollar sign or that contain the modifier \m (PCRE_MULTILINE)
• /s (dot matches line breaks) in expressions that do not contain dots.

Unsupported modifier

This inspection will report the use of the /e modifier, which is deprecated in PHP versions 7.0 and later.

Java and Kotlin inspections

This release also includes inspections from IntelliJ IDEA 2022.1 in Qodana for the JVM. With IntelliJ IDEA integration, if any problems are found, the wrong code can be opened directly in the IDE and quickly corrected.

Let’s look at the most noteworthy inspections.

Suspicious back reference

Qodana for JVM will find references that are not resolvable at runtime. That means that the back reference can never match with anything. Such a reference will not be resolvable when the group gets defined after it. The same applies if the group get defined in another branch of the alternation.

‘InputStream’ and ‘OutputStream’ can be constructed using the ‘Files’ method

This inspection reports the FileInputStream and FileOutputStream constructors when they can be replaced with Files.newInputStream() and Files.newOutputStream(), respectively. Streams created using the Files method are usually more efficient than those created by stream constructors.

Calling the ‘Files.readAttributes’ method can be used instead of calling individual attributes

This inspection finds where multiple java.io.File attribute checks, such as isDirectory, isFile, lastModified, or length, are used in sequence. You can replace these calls with bulk Files.readAttributes call a bulk Files.readAttributes call. The bulk method is usually more efficient than multiple attribute checks.

Loop can be replaced with ‘List.replaceAll()’

This inspection report loops collapsible by calling the List.replaceAll() method.

The number of placeholders does not correspond to the number of arguments in logging

Qodana for JVM will report SLF4J or Log4j 2 logging calls, such as logger.info(\”{}: {}\”, key), where the number of {} placeholders in the logger message does not match the number of other arguments in the logging call.

Regular expressions can be simplified

This inspection reveals regular expressions that can be simplified.

To exclude certain inspections from your analysis, you can customize your default inspection profile or create a new one. You may also want to perform an inspection according to your coding guidelines or best practices. See the Qodana documentation for more information.

That’s all that’s new in Qodana 2022.1! We hope that the article was helpful to you. If you wish to learn more about how Qodana can help you and your business, please get back to us by replying to this email.