I am running sonarqube analysis for one of my java project and it is reporting a lot of violations and majority of the violations reported are for the maximum number of parents a class can have squid:MaximumInheritanceDepth
This class has 6 parents which is greater than 5 authorized
I have more than 100 classes in the project and I do not want to add #SuppressWarning annotation for each of the classes.
Is there a way I can disable this rule for all the Java files in my project?
One option is to analyze this project with a copy of that profile from which you've removed this rule.
Another is to create a another profile, inherit the rules from your existing profile and update the parameter value on this particular rule, bumping the value to 6 (or 7 or ...)
A third option is to use exclusions to effectively turn that rule off for the files in your project.
Go to Project Administration > General Settings > Analysis Scope > Ignore Issues on Multiple Criteria and fill in the rule key (squid:MaximumInheritanceDepth) and file pattern (**/*.java) and that should do the trick.
Related
I have defined a few days ago, after receiving an answer to this question, two rules for forbidding the use of specific classes in our Java code. The starting point for defining them was the Squid:S3688 rule template ("Track uses of disallowed classes").
However, I have yesterday migrated the SonarQube 6.7.2 instance installed on my Windows 10 laptop to the most recent LTS (v6.7.4). As prescribed, I installed the newer version in a different folder while reusing the existing database. Upon inspection, everything looked fine.
My problem is that the web UI of SonarQube no longer shows the two custom rules. I thought the migration had somehow removed them. But when I tried to redefine the first one, I got this message:
A rule with the key 'NO_APACHE_COMMONS_LOGGING' already exists.
I agree that the rule already exists: I created it like a week ago. But I do not see it in the UI, no matter how I search for it:
the page of the rule template does not list any custom rules that implement the rule template,
I do not see the custom rule when viewing the profile used by my team
Search results are empty.
I went to the PostgreSQL database to see whether the rule was in the rules table and it is indeed there, just like the other rule "NO_LOG4J_LOGGING" that I've created. All values in the columns of the record are consistent with what I defined.
I have set the log levels to TRACE, hoping to see the generated SQL, but I didn't learn much from the logs.
My question: is there anything to do to restore/retrieve custom rules after a migration? I mean, apart from tampering with the database.
I have a Console project and want to disable the rule Console logging should not be used on it.
But it seems MSBuild don't get theses exclusions (anything found in Agent logs, or .sonarqube logs) added in project configuration (sonar.issue.ignore.multicriteria).
Rule Key Pattern: csharpsquid:S2228
File Path Pattern:**/MyProject/**/*.*
Do I have to have a configuration file or MSbuild should retreive Sonar configuration for projects ?
For the first project, the runner try to get server rules:
2016-01-29T08:37:36.3162048Z 09:37:36.217 INFO - ------------- Scan FisrtProject
2016-01-29T08:37:36.3172057Z 09:37:36.288 INFO - Load server rules
2016-01-29T08:37:36.8185565Z 09:37:36.629 INFO - Load server rules (done) | time=341ms
But not the others. I thougt that, as the runner has passed once for this rule and this file, these default are not deleted automatically, but should I to find logs about this ?
I try to change sonar.global.exclusions and sonar.exclusions and they are found by the runner.
The sonar.exclusions / sonar.global.exclusions are not what you want to use. They are for excluding files from the analysis not rules.
To exclude a rule specifically for a project you must define, in SonarQube, a quality profile and remove that rule from the profile, and assign that quality profile to your project. You can copy your standard profile in a new one and remove the rule on the new one, or use the more flexible quality profile inheritance mechanism (QP for consoles apps inherits from the default QP minus the csharpsquid:S2228 rule)
Then run the analysis as usual.
None of the SonarQube.Issue.* properties can be set by the command line since they are multivalued. Please find the official documentation here.
You can have SonarQube ignore issues on certain components and against certain coding rules. Go to Administration > General Settings > Analysis Scope > Issues.
Note that the properties below can only be set through the web interface because they are multi-valued.
These are the SonarQube issue properties:
Ignore Issues on Files - Key: sonar.issue.ignore.allfile
Ignore Issues in Blocks - Key: sonar.issue.ignore.block
Ignore Issues on Multiple Criteria - Key: sonar.issue.ignore.multicriteria
Restrict Scope of Coding Rules - Key: sonar.issue.enforce.multicriteria
If you want to set this property globally for all SonarQube projects then go to the Administration -> Analysis Scope of your SonarQube server:
Browse to the your Sonar instance : http://servername:9000
Login as Admin
Click on Administration
Choose the Analysis tab on the left hand side
Go down to the issues block and look at the "Ignore Issues on Multiple Criteria"
If you want to apply this exclusion for a specific SonarQube project then select the project and then browse the project -> Administration -> Analysis Scope.
I have a pre-existing Java project, that Sonar Analysis was recently applied to. There are a large number of CheckStyle JavadocMethod rule violations.
How would I restrict the JavadocMethod rule, to apply only to java filenames with the pattern "Controller.java" ?
The JavadocMethod check does not offer an option to limit itself to certain files, so this cannot be done easily. But - you could:
Write a custom filter which suppresses all JavadocMethod warnings that occur in files which do not match a pattern. This is not difficult - the example on the linked page covers just that case. But it requires you to deploy the filter and that may be a bit of a hassle.
I am not sure if this works in Sonar. I use custom Checkstyle checks in Sonar all the time, but I haven't tried custom filters yet.
Write a subclass of Checkstyle's JavadocMethodCheck which adds an option to apply itself only to certain files (Sonar Examples, Checkstyle tutorial). This is a sure bet if custom filters cannot be added to Sonar.
If you are using Eclipse, you can configure it to use different rule sets based on filename. You would do that using the "advanced" configuration setting in the project properties. Your regexes would be Controller\.java$ to match all controllers, and .{10}(?<!Controller)\.java$ to match the other Java files. This approach could also be applied to a stand-alone or Ant-based Checkstyle run, but not to Sonar.
I am sorry that there is nothing easier available to you - but that's how things are at the moment ... Good luck!
I am using sonar false-positive feature in my project deployed on sonar server and i have marked some violation instances(lets 50 instances) as false positive.
Now i create a new project in sonar having the same code base and deploy it on sonar. As code base is same for both of my projects this is obvious that those "50" violation instances will occurs here also, which i have marked as false-positive in my previous project.
Now i dont want to spend time to mark these instances as false-positive again so i want to ask is there any way to mark these "5o" violation instances as false-positive by refering my first project without doing manually??
Can i make a template/profile type feature to copy false-positive marks from one project and apply it on other project having same code base so that i can save my time??
Kindly revert if anyone know any way to execute this.
Your response will be appreciable..
Thankks in advance!
It is not currently possible to achieve what you want, unless you write a small Java program that uses Sonar Web Service Java client and that does the job.
The only trick I found was to add a // NOSONAR comment on line containing the false positive.
This way, the information is shared among branches.
But, as the NOSONAR masks any sonar issue, you may miss another sonar issue as the one intended to mask.
Example:
var myVar; // NOSONAR
I want to include a log4j.properties file in my maven build, but be able to use a different properties file at execution time (using cron on unix)
Any ideas?
You want to be able to change properties per environment.
There are number approach to address this issue.
Create directory in each environment which will contain different files (log4j.properties in your example). Add these directories to your classpath in each environment.
Use filter ability + profile ability of maven in order to populate log4j.properties with correct values in the build time.
Use build server (Jenkins, for example) which essentially will make p.2.
Each of these approaches has it's own drawbacks. I am currently using a bit weired combination of 2&3 because Jenkins limitations.