SonarQube sonar.issue.ignore.multicriteria and MSBuild - sonarqube

I have a Console project and want to disable the rule Console logging should not be used on it.
But it seems MSBuild don't get theses exclusions (anything found in Agent logs, or .sonarqube logs) added in project configuration (sonar.issue.ignore.multicriteria).
Rule Key Pattern: csharpsquid:S2228
File Path Pattern:**/MyProject/**/*.*
Do I have to have a configuration file or MSbuild should retreive Sonar configuration for projects ?
For the first project, the runner try to get server rules:
2016-01-29T08:37:36.3162048Z 09:37:36.217 INFO - ------------- Scan FisrtProject
2016-01-29T08:37:36.3172057Z 09:37:36.288 INFO - Load server rules
2016-01-29T08:37:36.8185565Z 09:37:36.629 INFO - Load server rules (done) | time=341ms
But not the others. I thougt that, as the runner has passed once for this rule and this file, these default are not deleted automatically, but should I to find logs about this ?
I try to change sonar.global.exclusions and sonar.exclusions and they are found by the runner.

The sonar.exclusions / sonar.global.exclusions are not what you want to use. They are for excluding files from the analysis not rules.
To exclude a rule specifically for a project you must define, in SonarQube, a quality profile and remove that rule from the profile, and assign that quality profile to your project. You can copy your standard profile in a new one and remove the rule on the new one, or use the more flexible quality profile inheritance mechanism (QP for consoles apps inherits from the default QP minus the csharpsquid:S2228 rule)
Then run the analysis as usual.

None of the SonarQube.Issue.* properties can be set by the command line since they are multivalued. Please find the official documentation here.
You can have SonarQube ignore issues on certain components and against certain coding rules. Go to Administration > General Settings > Analysis Scope > Issues.
Note that the properties below can only be set through the web interface because they are multi-valued.
These are the SonarQube issue properties:
Ignore Issues on Files - Key: sonar.issue.ignore.allfile
Ignore Issues in Blocks - Key: sonar.issue.ignore.block
Ignore Issues on Multiple Criteria - Key: sonar.issue.ignore.multicriteria
Restrict Scope of Coding Rules - Key: sonar.issue.enforce.multicriteria
If you want to set this property globally for all SonarQube projects then go to the Administration -> Analysis Scope of your SonarQube server:
Browse to the your Sonar instance : http://servername:9000
Login as Admin
Click on Administration
Choose the Analysis tab on the left hand side
Go down to the issues block and look at the "Ignore Issues on Multiple Criteria"
If you want to apply this exclusion for a specific SonarQube project then select the project and then browse the project -> Administration -> Analysis Scope.

Related

SonarQube Generic Execution Report is ignored

The whole morning I have been trying to setup e2e tests reporting via SonarQube's Generic Execution, by using the Generic Test Data -> Generic Execution feature.
I created a custom xml report that gets added to the scan properties like this:
sonar.testExecutionReportPaths=**/e2e-report.xml
So far, SonarQube seems to completely ignore this property and I no attempt to parse the file in the logs. Has anyone made it work?
These are links by Sonar about the Generic Execution feature:
https://docs.sonarqube.org/display/SONAR/Generic+Test+Data
https://github.com/SonarSource/sonarqube/blob/master/sonar-scanner-engine/src/main/java/org/sonar/scanner/genericcoverage/GenericTestExecutionSensor.java
This is a SonarQube 6.2+ feature. Make sure to use an appropriate SonarQube version.
In addition sonar.testExecutionReportPaths does not allow matchers (like *).
Please provide relative or absolute paths, comma separated.
See also:
The official documentation of the Generic Test Data feature
The source code, that looks up the generic execution files

Disable specific sonarqube rule for all java files in a project

I am running sonarqube analysis for one of my java project and it is reporting a lot of violations and majority of the violations reported are for the maximum number of parents a class can have squid:MaximumInheritanceDepth
This class has 6 parents which is greater than 5 authorized
I have more than 100 classes in the project and I do not want to add #SuppressWarning annotation for each of the classes.
Is there a way I can disable this rule for all the Java files in my project?
One option is to analyze this project with a copy of that profile from which you've removed this rule.
Another is to create a another profile, inherit the rules from your existing profile and update the parameter value on this particular rule, bumping the value to 6 (or 7 or ...)
A third option is to use exclusions to effectively turn that rule off for the files in your project.
Go to Project Administration > General Settings > Analysis Scope > Ignore Issues on Multiple Criteria and fill in the rule key (squid:MaximumInheritanceDepth) and file pattern (**/*.java) and that should do the trick.

How to enable/disable any rule from SonarLint in Eclipse

I have SonarLint installed in Eclipse and there is a remotely set up sonarQube server, but rules are different on both . How can I configure rules same as SonarQube on SonarLint in my Eclipse ?
I thought I would leave this up here for anyone looking.....
To Disable/Re-Enable Rules in SonarLint/Eclipse.
-Window-Preferences-SonarLint-Rules Configuration.
-Select Your Language(in my case Java).
-Select the drop for changed rules or open the + symbol to show all rules.
In your Java code, you can disable a specific rule for a single method using annotations:
#java.lang.SuppressWarnings("java:S2699")
You want to use the connected mode in order to apply the same ruleset on your IDE that the one running on your SonarQube instance.
Have a look at the relevant documentation :
http://www.sonarlint.org/eclipse/#Connected

Jenkins Matrix build. Combination filter groovy script fails after upgrade

Upgraded 1.599->1.605
Matrix job is used
In order to chooseparticular configuration or run All of them the following groovy expression is used in Combination filter:
targetHost=="All" || targetHost.contains(hostUnderTest)
where
hostUnderTest is matrix axis that contains the list of available hosts
targetHost is build parameter and usually contains comma separated list of hosts against which tests are executed
It was working on 1.599 but fails with the following error after update to 1.605
FATAL: Scripts not permitted to use method java.lang.String contains java.lang.CharSequence
I suppose these are due to some security restriction - could someone please advise how to disable them or propose another workaround?
That is truly a pain. What version of the matrix-project do you have? You can see this through Manage Jenkins -> manage plugins
If its 1.4.1 then it is a bad release and you need to downgrade to 1.4 https://issues.jenkins-ci.org/browse/INFRA-250
I think you should be able to apply 1.4 over the top if you download it and used the advanced tab on the manage plugin page
According to this comment - appears to be expected behaviour.
Script works correctly after being approved by jenkins admin in
Manage Jenkins ยป In-Process Script Approval
menu

How can I restrict the Sonar JavadocMethod rule to filenames including "Controller"?

I have a pre-existing Java project, that Sonar Analysis was recently applied to. There are a large number of CheckStyle JavadocMethod rule violations.
How would I restrict the JavadocMethod rule, to apply only to java filenames with the pattern "Controller.java" ?
The JavadocMethod check does not offer an option to limit itself to certain files, so this cannot be done easily. But - you could:
Write a custom filter which suppresses all JavadocMethod warnings that occur in files which do not match a pattern. This is not difficult - the example on the linked page covers just that case. But it requires you to deploy the filter and that may be a bit of a hassle.
I am not sure if this works in Sonar. I use custom Checkstyle checks in Sonar all the time, but I haven't tried custom filters yet.
Write a subclass of Checkstyle's JavadocMethodCheck which adds an option to apply itself only to certain files (Sonar Examples, Checkstyle tutorial). This is a sure bet if custom filters cannot be added to Sonar.
If you are using Eclipse, you can configure it to use different rule sets based on filename. You would do that using the "advanced" configuration setting in the project properties. Your regexes would be Controller\.java$ to match all controllers, and .{10}(?<!Controller)\.java$ to match the other Java files. This approach could also be applied to a stand-alone or Ant-based Checkstyle run, but not to Sonar.
I am sorry that there is nothing easier available to you - but that's how things are at the moment ... Good luck!

Resources