Qodana 2024.3 Is Here Along With a Special Offer for New Users!

Kerry Beetge

Happy New Year! In case you missed it, the Qodana team ended 2024 with a bang and released Qodana 2024.3. What’s in the latest release? New security functionality, a fresh set of Android linter rules, and more to help your team prioritize code excellence. Let’s take a look at what’s available in more detail. 

1. Security analysis for Java and Kotlin
2. DFA for Go
3. New Android lint checks
4. 25% off for new users switching to Qodana

To The Documentation

Robust security analysis for Java and Kotlin

Our latest release introduces a security analysis inspection for Java and Kotlin, enabled by default in the Qodana for JVM linter with the ultimate subscription plan. 

This means advanced interprocedural data flow analysis capabilities, providing deeper analysis for Java and Kotlin. 

As a result, you can find and fix security vulnerabilities, ensuring your code is both more efficient and more secure. 

Example of SQL injection vulnerability:

User data from the HTTP request is propagated to the statement.execute method without any sanitization. This allows manipulation of the SQL query being executed, which could be exploited to compromise security.

The inspection helps to detect and prevent the following types of vulnerabilities:

• Cross-Site Scripting (XSS)
• Command Injection
• SQL Injection
• Path Traversal
  

This functionality is also available in IntelliJ IDEA Ultimate starting from v2024.3.1 with the Security Analysis by Qodana plugin installed.

New DFA checks for qodana-go

Data Flow Analysis (DFA) is a form of static code analysis that checks how data flows through software programs. This kind of analysis can help you track errors occurring during value propagation. The Qodana 2024.3 release introduces three new dataflow based inspections enabled by default in the Go linter to help you improve the quality of your code.

These inspections, which were present in prior releases of GoLand and focused on local data flow within the function scope, have now appeared in the linter in this iteration after the RML engine was integrated as a platform module.

1. Constant Condition

This inspection identifies conditions that always evaluate to either true or false. It helps uncover redundant code branches and logical errors.

Here’s an example:

2. Nil dereference

This inspection highlights calls where the receiver might be nil. This inspection helps prevent runtime crashes and ensures safer code execution.

Let’s take a look at this below:

3. Error maybe not nil

This inspection highlights calls without proper error handling. The error variable should always be checked for nil before the value variable can be used.

Here’s an example of error handling to avoid:

app.Close invocation is safe from nil errors only when it’s checked against err == nil . In this example, app.Close was invoked without err variable checking.

This inspection highlights these kinds of instances.

Simply update your Qodana linter to 2024.3 to enable this new functionality by default.

Android Lint checks added to qodana-android checks

Good news! The new Android linter checks are enabled by default in your qodana.recommended profile in 2024.3 and can also be included in custom profiles. By updating these inspections, we aim to enhance the overall development experience, particularly for Android. 

Learn more about our checks

The Android linter provides inspections for Android-specific code to help you improve code quality and maintainability. Let’s explore a few examples below. 

A newer approach for displaying popups

Layout inflation without a parent (ID: AndroidLintInflateParams)

Using traditional XML inflation for displaying popups in Android is a popular approach, but one issue with inflating popups this way is that your popup_layout.xml may rely on information from a parent view. As a result, you might run into challenges if the context of that view changes. 

The alternative is to try Layout Inflation Without A Parent. Find out more about this inspection here. 

Ensuring user understanding

Incomplete transition (ID: AndroidLintMissingTranslation)

Fully translating your app is crucial if you want to reach a diverse audience and ensure a good user experience for various demographics. It can also impact sales and decrease confusion. Make sure you don’t miss anything with this lint check.

Maintaining responsiveness

Nested Layout Weights (ID: AndroidLintNestedWeights)

When a LinearLayout with non-zero weights is nested inside another LinearLayout with non-zero weights, then the number of measurements increases exponentially. In some cases, the responsiveness of the application will decrease if this pattern is repeated enough. You can maintain responsiveness by checking for the usage of weight attributes in nested LinearLayout components within an Android layout. 

These are just some of the new checks you can use with Qodana on your Android project. Find the full list here. 

Switch to Qodana for code analysis and get 25% off

Qodana gets better with every release and provides a cost-effective way for teams to build confidence in code quality. 

With this in mind, we’re offering you 25% off your first year of Qodana if you switch from a comparable commercial solution. Click on the button below to speak to our team. 

Switch To Qodana

Subscribe to Qodana Blog updates

Subscribe form

By submitting this form, I agree to the JetBrains Privacy Policy Notification icon

By submitting this form, I agree that JetBrains s.r.o. ("JetBrains") may use my name, email address, and location data to send me newsletters, including commercial communications, and to process my personal data for this purpose. I agree that JetBrains may process said data using third-party services for this purpose in accordance with the JetBrains Privacy Policy. I understand that I can revoke this consent at any time in my profile. In addition, an unsubscribe link is included in each email.

Submit

Thanks, we've got you!