SonarQube: PHP equivalent annotation for ignoring a SonarQube rule

I know that in Java, we can ignore a SonarQube rule for a specific method with annotations. For example...
@SuppressWarnings("squid:S2078")
With PHP, I have not narrowed down how to do this yet. Is there an equivalent example that ignores one rule for a specific piece of code (not necessarily for a class/function, but it would be a start :) )?

The current version of the PHP analyser (SonarPhp 2.14 in SonarQube 7.3) does not have a feature (annotation-based or not) for ignoring a specific rule.
The PHP analyser only supports one issue filter, the NoSonarFilter, which disables all rules at a specific line by using a comment containing NOSONAR.
If a rule generates some false positives, or if you are facing a real-life example where such a filter is required, you can provide some feedback at community.sonarsource.com
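Because NOSONAR silences every rule on its line, security rules included, reviewers usually want an inventory of where it is used. The following is an added example, not part of the original answer and not SonarPhp's own code: a small Python scanner that lists lines carrying a NOSONAR comment while ignoring the marker inside string literals. The PHP sample is constructed, and the scanner assumes single-line string literals.

```python
# Constructed PHP sample (not from the page): three suppressed lines and one
# string literal that only mentions the marker.
SAMPLE_PHP = '''<?php
$hash = md5($password); // NOSONAR legacy hash format
$msg = "add // NOSONAR to silence the scanner";
$q = "SELECT * FROM t WHERE id = " . $_GET['id']; # NOSONAR
/* NOSONAR */ $token = rand();
'''


def find_nosonar(source):
    """Return (line_number, code_on_that_line) for every comment containing NOSONAR.

    Assumptions: string literals do not span lines; heredocs are not handled.
    """
    hits, in_block = [], False
    for lineno, line in enumerate(source.splitlines(), 1):
        code, comments, quote, i = [], [], None, 0
        while i < len(line):
            ch, two = line[i], line[i:i + 2]
            if in_block:                       # inside /* ... */
                end = line.find("*/", i)
                stop = len(line) if end < 0 else end
                comments.append(line[i:stop])
                in_block = end < 0
                i = stop + 2
                continue
            if quote:                          # inside a string literal
                code.append(ch)
                if ch == "\\":                 # keep the escaped character
                    code.append(line[i + 1:i + 2])
                    i += 1
                elif ch == quote:
                    quote = None
            elif ch in "'\"":
                quote = ch
                code.append(ch)
            elif two == "/*":
                in_block = True
                i += 1
            elif two == "//" or (ch == "#" and two != "#["):
                comments.append(line[i:])      # rest of the line is a comment
                break
            else:
                code.append(ch)
            i += 1
        if any("NOSONAR" in c for c in comments):
            hits.append((lineno, "".join(code).strip()))
    return hits


if __name__ == "__main__":
    for lineno, code in find_nosonar(SAMPLE_PHP):
        print(f"line {lineno}: all rules suppressed for: {code or '(comment only)'}")
```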

Related

Add java rules in sonarqube

I want to add customized Java rules in SonarQube. I have googled it and found that we need to make a plugin for that. But I can't find any proper link describing how to make the rule. Any help would be appreciated.
You can follow "Writing Custom Java Rules 101", which describes how to make a sonar-packaging-maven-plugin artifact.
When implementing a rule, there is always a minimum of 3 distinct files to create:
A test file, which contains Java code used as input data for testing the rule
A test class, which contains the rule's unit test
A rule class, which contains the implementation of the rule.
As mentioned in "Custom Rules for Java", to go further, you can explore a sample plugin containing other custom rules.
This project can be browsed or downloaded.

SonarQube - Rule based on defined regular expression.

Does SonarQube have a rule which will scan a file's content for a regular expression and, if found during a scan, mark it as an issue?
Example:
I want a rule that will scan each file for the word "AcmeProducts" and mark it as "Critical" if found.
Thanks
Jason
I was able to accomplish this by creating a custom rule based on the Comment pattern matcher rule in sonarqube.
I'm not sure if such rule exists.
You could implement a custom plugin to provide such rule.
Something that's very close to what you need is the HasTagSensor of the Xoo Plugin, which is not a real plugin, but a sample to demonstrate and test features of the plugin API.
The HasTag rule implementation that I linked raises an issue for each occurrence of some configured string (not a regex).
Based on this, you could implement a rule that uses a regex parameter instead of a string.
I think that what you are looking for is implemented in the sonar checkstyle plugin.
To configure such a rule:
Install the sonar checkstyle plugin. The instructions to follow are given here, on the sonar checkstyle plugin GitHub page: https://github.com/checkstyle/sonar-checkstyle.
Reboot your sonar instance to make the new plugin available.
Configure a new rule, using the following menu sequence:
"Quality profile"
select the quality profile to modify
in the rule list, select "Activate more"
in the "repository" section, select "checkstyle" to filter checkstyle's plugin rules
select the rule template "Regexp Singleline" and create a new rule based on a regex detecting your prohibited keyword.

How to delete an issue from SonarQube interface

I have a web app project where the quality is measured under SonarQube.
As I'm dealing with external code within my project files,
recently I have had some issues appearing due to that external code, whose quality I'm not focusing on:
So I just want to delete the issue so it no longer appears on my Sonar dashboard (which looks like the following):
The solutions that I have had were not really useful, as:
I was advised to change the level of the rule itself from "issue" to "info":
And of course that seems not to be useful because I won't affect the rule itself.
The second suggestion was to use the
@SuppressWarnings decorator in my blocks of code where the issues appeared; for example, use it on classes or methods or even fields.
-> This method results in adding some code to my external code, and that won't be good either, as I don't even have the permission to do it.
I just want the simplest solution to delete the issue from the Sonar dashboard, just suppress it from the SonarQube interface. Strangely, it seems that there is no direct way to do it:
Any better ideas?
The easiest way is excluding external code from the report with the Narrowing the Focus feature.
Just add a path pattern for the exclusion to your sonar-project.properties file, for example:
# Exclude all classes ending by "Bean"
# Matches org/sonar.api/MyBean.java, org/sonar/util/MyOtherBean.java, org/sonar/util/MyDTO.java, etc.
sonar.exclusions=**/*Bean.java,**/*DTO.java
# Exclude all classes in the "src/main/java/org/sonar" directory
# Matches src/main/java/org/sonar/MyClass.java, src/main/java/org/sonar/MyOtherClass.java
# But does not match src/main/java/org/sonar/util/MyClassUtil.java
sonar.exclusions=src/main/java/org/sonar/*
If you're not interested in some issues because it's not your code, then you should not have SonarQube analyze that code. According to the SonarQube documentation:
We recommend that you exclude generated code, source code from libraries, etc.
You should check in particular the following settings in the same documentation page:
sonar.sources
sonar.exclusions
These settings will be taken into account the next time you run an analysis.
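Everything matched by sonar.exclusions drops out of analysis entirely, so it is worth checking what a pattern catches before committing it. The following is an added example, not from the answers above and not SonarQube's own matcher: a Python approximation of the wildcard rules (`*` stays within one directory, `**` spans directories, `?` is one character) that lists which files a setting would hide. The file list is constructed.

```python
import re

# Constructed project listing (not from the page).
PROJECT_FILES = [
    "vendor/acme/lib/Client.java",
    "src/main/java/com/example/auth/SessionBean.java",
    "src/main/java/com/example/auth/LoginService.java",
    "src/main/java/com/example/api/UserDTO.java",
]


def pattern_to_regex(pattern):
    """Translate one exclusion pattern into an anchored regular expression."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):       # zero or more directories
            out.append("(?:[^/]+/)*")
            i += 3
        elif pattern.startswith("**", i):      # anything, including '/'
            out.append(".*")
            i += 2
        elif pattern[i] == "*":                # anything except '/'
            out.append("[^/]*")
            i += 1
        elif pattern[i] == "?":                # exactly one character
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")


def excluded(path, exclusions):
    """True if path matches any pattern of a comma-separated exclusion value."""
    return any(pattern_to_regex(p.strip()).match(path)
               for p in exclusions.split(",") if p.strip())


def dropped(paths, exclusions):
    """Files that would no longer be analysed under the given setting."""
    return [p for p in paths if excluded(p, exclusions)]


if __name__ == "__main__":
    for setting in ("**/*Bean.java,**/*DTO.java", "vendor/**/*"):
        print(setting, "->", dropped(PROJECT_FILES, setting))
```

On this listing, the suffix patterns hide first-party classes such as SessionBean.java, while a directory-scoped pattern like `vendor/**/*` removes only the external code.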

"Copyright and license headers should be defined" issue in Sonar 5.4

How to get rid of "Copyright and license headers should be defined"? Even after providing the header Sonar 5.4 gives error? Can someone give a sample header which is working for Sonar 5.4 ?
This is a configurable rule, so look closely at the header you have configured. You don't say which language this pertains to, so I'll mention that in some languages it's possible to have the configured header evaluated as a regex while in others it can only be evaluated as an exact string match. Either way, this is a question of matching a pattern, and something as simple as a missing or additional space character could be what's throwing it off.
An online regex tester may be helpful to you in properly configuring the value for the rule.

How do I import existing phpcodesniffer results into sonar?

I'm starting out with Sonar. We've got about 10 custom sniffs in our own standard for PHP_Codesniffer and are using a subset of various sniffs of other standards. PHP_Codesniffer works like a charm and generates a report in Checkstyle format.
How can I get Sonar5.1 to import this codesniffer-results-in-checkstyle-format.xml file?
I heard this was possible in older versions of the PHP plugin, but I'm not sure if that relates to a ruleset.xml or to the actual results of the run.
It's no longer possible to import external rules from tools like CodeSniffer, PHPDepend, ... The PHP Plugin now relies exclusively on the SonarQube Rules Engine, as mentioned here: http://docs.sonarqube.org/display/PLUG/PHP+Plugin, and it provides 110 predefined rules out of the box.
You can write as of now custom rules unless you customize directly the PHP Plugin.
If some rules are missing, you are more than welcome to share with us your suggestions.
