Use wildcard to exclude paths in PVS-Studio configuration file - pvs-studio

I would like to exclude 3rd-party libraries from analysis.
exclude-path=*/boost/*
exclude-path=*/llvm/*
But it doesn't work. I still have Boost-related messages in output log.
How to filter out messages based on wildcard?

As at the 2020 year, PVS-Studio supports exclusion of directories using masks both in the configuration file:
exclude-path=*/boost/*
exclude-path=*/llvm/*
and in the launch parameters:
pvs-studio-analyzer analyzer ... -e \*/boost/\* -e \*/llvm/\* ...

Related

Excluding specific set of files from lint issue report

I am using gometalinterv2 in my Go project for linting. After the lint report is generated, the report file is linked to sonarqube for analysis and presentation.
I want to exclude some files like *_test.go from linting. I know there is a --exclude flag for gometalinterv2 to exclude folders. But since _test.go files are in the same folder/package as the source code, this won't work.
So is there any way to achieve this (either at linting stage or in sonar properties file)?
Add config file .gometalinter.json to the root of your project and specify rules for excluding:
{
"exclude": [
".*_test.go",
"/any/folder/"
]
}
I found another way after I marked #bayrinet's answer. The files (not just folders) to be excluded can also be passed to the command using the exclude flag like below -
>gometalinter.v2 ./... --exclude=somefolder --exclude=.*_test.go

Sonarqube file exclusion rule not working

I have written Sonarqube file exclusion rules. But it doesn't seem working. The intention is to exclude all files contain "jquery" in the file name in one or more directories inside "static". below is the rule
/static/**/*jquery*.js
is the above rule written correctly? is it case sensitive?
The root of your path likely isn't "static", so instead of
/static/**/*jquery*.js
Try
**/static/**/*jquery*.js

Checkstyle and Maven's Standard Directory Layout

I'm following Maven's Standard Directory Layout for my project.
Is there a preferred directory to put my checkstyle.xml file? I've seen it on at least 3 possible locations:
src/main/resources/checkstyle.xml
src/main/checkstyle/checkstyle.xml - Example: Joda-Time
src/checkstyle/checkstyle.xml - Example: Spring Boot
Since this is mostly a file for developers, the first option gives me doubts. Would it make sense to include checkstyle.xml into the JAR file?
Thanks,
Fede
Putting checkstyle.xml in src directory doesn't really make sense, as it is not part of source code.
The most common convention I've observed in my projects is putting it into config/checkstyle/checkstyle.xml. Thousands of projects use it (filename:checkstyle.xml path:config/checkstyle) and Gradle uses this location by default.

How to use Sonar Runner on selected files?

I want to run Sonar Runner only on some selected files only. I'm using SonarRunner Ant.
My project directory structure is :
MyProject
|
|-----src
|-----java
|-----A
|-----B
| |---<files>.java
|
|-----C
| |---<files>.java
|
|-----hello.java
Now I want to run Sonar Runner only on hello.java file.
sonar.sources=../../../MyProject/src // takes the source directory
sonar.sources=../../../MyProject/src/java/A/hello.java didn't work
sonar.exclusions=**/**/*.java // excludes all java files
// now I want to include only hello.java file
// didn't find any parameter for inclusion, but tried the following
sonar.inclusions=hello.java // didn't work
sonar.inclusions=java/A/hello.java // didn't work
Referred this article for analysis parameters.
One solution which crossed my mind is : exclusion of all the files but the required ones.
But here the structure is just a small part. In real I have more than 250 java files, and want to generate report for, say, 10 files only. Then, by this approach, excluding 240+ files doesn't look a good idea.
Is there anyway to generate sonar report on selected files, other than the mentioned approach?
If you're looking for specific files, you might try the same syntax as is listed to explicitly exclude files (Narrowing the Focus - at the bottom)
#Absolute Path
To define an absolute path, start the pattern with "file:"
#Exclude all the *.cs files included in /path_to_my_project/myProject/src/generated and its subdirectories
sonar.exclusions=file:/path_to_my_project/myProject/src/generated/**/*.cs
#Exclude all the java classes contained in a src/generated/java directory and its subdirectories
sonar.exclusions=file:**/src/generated/java/**/*.java

SonarQube Exclude a directory

I am trying to exclude a directory from being analyzed by Sonar. I have the following properties defined in my sonar-project.properties file:
sonar.sources=src/java
sonar.exclusions=src/java/test/****/*.java
The directory structure I have is:
src/java/dig
src/java/test/dig
When I run the sonar-runner I get the following info:
INFO - Excluded sources:
INFO - src/java/test/**/*.java
INFO - Excluded tests:
INFO - **/package-info.java
But when I check the result of the analysis all the packages inside the test directory are still there.
I just need to tell Sonar to not analyze the test directory and any packages inside it.
Try something like this:
sonar.exclusions=src/java/test/**
I'm able to exclude multiple directories using the below config (comma separated folder paths):
sonar.exclusions=system/**, test/**, application/third_party/**, application/logs/**
And while running the sonar runner I got the following in the log:
Excluded sources:
system/**
test/**
application/third_party/**
application/logs/**
This will work for your case:
sonar.exclusions=**/src/java/dig/ ** , **/src/java/test/dig/ **
Another configuration option is adding a maven properties sonar.exclusions. Below is a sample pom file with exclusions of static jquery directory and static pdf viewer directory.
<project >
<modelVersion>4.0.0</modelVersion>
<artifactId>my Artifact</artifactId>
<!-- Enviroment variables can be referenced as such: ${env.PATH} -->
<packaging>war</packaging>
<url>http://maven.apache.org</url>
<properties>
<junit.version>4.9</junit.version>
<mockito.version>1.9.5</mockito.version>
<jackson.version>1.9.7</jackson.version>
<powermock.version>1.5</powermock.version>
<!--Exclude the files Here-->
<sonar.exclusions>src/main/webapp/static/jquery_ui/*,src/main/webapp/static/pdf-viewer/*,src/main/webapp/static/pdf-viewer/**,src/main/webapp/static/pdf-viewer/**/*</sonar.exclusions>
</properties>
If we want to skip the entire folder following can be used:
sonar.exclusions=folderName/**/*
And if we have only one particular file just give the complete path.
All the folder which needs to be exclude and be appended here.
Easiest way is to go to the server URL after starting the server(localhost:8080) then login as admin,Go to settings>Exclusions> Source File Exclusions- Add your packages here.
Restart the server.
If you're an Azure DevOps user looking for both where and how to exclude files and folders, here ya go:
Edit your pipeline
Make sure you have the "Prepare analysis on SonarQube" task added. You'll need to look elsewhere if you need help configuring this. Suggestion: Use the UI pipeline editor vs the yaml editor if you are missing the manage link. At present, there is no way to convert to UI from yaml. Just recreate the pipeline. If using git, you can delete the yaml from the root of your repo.
Under the 'Advanced' section of the "Prepare analysis on SonarQube" task, you can add exclusions. See advice given by others for specific exclusion formats.
Example:
# Additional properties that will be passed to the scanner,
# Put one key=value per line, example:
# sonar.exclusions=**/*.bin
sonar.exclusions=MyProjectName/MyWebContentFolder/**
Note: If you're not sure on the path, you can go into sonarqube, view your project, look at all or new 'Code Smells' and the path you need is listed above each grouping of issues. You can grab the full path to a file or use wilds like these examples:
MyProjectName/MyCodeFile.cs
MyProjectName/**
If you don't have the 'Run Code Analysis' task added, do that and place it somewhere after the 'Build solution **/*.sln' task.
Save and Queue and then check out your sonarqube server to see if the exclusions worked.
what version of sonar are you using?
There is one option called "sonar.skippedModules=yourmodulename".
This will skip the whole module. So be aware of it.
You can do the same with build.gradle
sonarqube {
properties {
property "sonar.exclusions", "**/src/java/test/**/*.java"
}
}
And if you want to exclude more files/directories then:
sonarqube {
properties {
property "sonar.exclusions", "**/src/java/test/**/*.java, **/src/java/main/**/*.java"
}
}
Add comma separated folder paths sonar.exclusions=**/abc/**,**/def/**
This worked in an angular project
I typed case sensitive and used "" and it worked. Analyze time decreased to 3 minutes from 10.
# Additional properties that will be passed to the scanner,
# Put one key=value per line, example:
sonar.exclusions=**\Scripts\**\*,**\Content\**\*
Just to mention that once you excluded the files from Sonar, do the same for Jacoco plugin:
<configuration>
<excludes>
<exclude>com/acme/model/persistence/entity/TransactionEntity*</exclude>
<exclude>com/acme/model/persistence/ModelConstants.class</exclude>
</excludes>
</configuration>
add this line to your sonar-project.properties file
ex: sonar.exclusions=src/*.java
be careful if you want to exclude a folder and inside the folder there is a file you must first exclude the files or add the files one by one
for example imagine there is a folder like below:
src/app.java
src/controllers/home.java
src/services/test.java
you have to do this:
sonar.exclusions=src/app.java,src/controllers/*.java,src/services/*.java
It worked for me
You can skip library like this
project(":libABC") {
apply plugin: 'org.sonarqube'
sonarqube {
skipProject = true
}
}
This worked for me:
sonar.exclusions=src/**/wwwroot/**/*.js,src/**/wwwroot/**/*.css
It excludes any .js and .css files under any of the sub directories of a folder "wwwroot" appearing as one of the sub directories of the "src" folder (project root).

Resources