How to make sonar analysis for C++ work? - sonarqube

I'm trying to use sonar for static analysis on C++ code. I've installed sonar and configured my project (it appears on the localhost sonar page, but I do not see any code violations for the respective code). I have the C++ community plugin installed.
My sonar-project.properties looks like this:
# required metadata
sonar.projectKey=DiceInvaders
sonar.projectName=Dice Invaders
sonar.projectVersion=1.0
# optional description
sonar.projectDescription=DiceInvaders by CS
# path to source directories (required)
sonar.sources=D:\\DiceInvaders\\Code
# path to test source directories (optional)
#sonar.tests=D:\\DiceInvaders\\Code
# path to project binaries (optional), for example directory of Java bytecode
#sonar.binaries=binDir
# optional comma-separated list of paths to libraries. Only path to JAR file is supported.
#sonar.libraries=path/to/library/*.jar,path/to/specific/library/myLibrary.jar,parent/*/*.jar
# The value of the property must be the key of the language.
sonar.language=c++
sonar.exclusions=**/*.ipch, **/**/*.rc
sonar.cxx.cppcheck.path = "C:\Program Files (x86)\Cppcheck\cppcheck.exe"
sonar.cxx.cppcheck.reportPath="D:\DiceInvaders\Code\cppcheck-reports\cppcheck.xml".
# Additional parameters
#sonar.my.property=value
I do not get any error when running sonar-runner from cmd.
If I run the cppcheck.exe tool manually on my project, I can find violations. Why don't the violations appear on sonar's page?
Is there something else I should configure, am I doing something wrong?

I was able to make it work by running the cppcheck tool independently before sonar-runner, and placing the generated xml report in the bin folder of sonar-runner.
In the sonar-project.properties file I've specified the xml directly:
sonar.cxx.cppcheck.reportPath=cppcheck-result-1.xml

I had a similar problem, which was caused by a whitespace after 'sonar.language=cs'. Be sure that there is a linebreak immediately after 'cxx'. Hope it works.

The language key of the Sonar C++ Community plugin is not 'c++' but 'cxx'. See http://docs.codehaus.org/pages/viewpage.action?pageId=185073817.
So you must replace 'sonar.language=c++' by 'sonar.language=cxx'

Related

SonarCFamily only detects code-smells duplicate code blocks

I'm trying to use SonarScanner with the SonarCFamily plugin on my C codebase on Ubuntu. I see that the scanner is only able to detect "code smells - duplicate blocks of code" in my codebase and no other forms of bugs/vulnerabilities. I intentionally added a memory leak in the code and SonarQube couldn't detect it, while the open source SA tool Cppcheck was able to. Am I missing some setting in the sonar-project.properties file? My sonar.properties file is as follows. Are there any settings needed in the server/SonarCFamily plugin for the tool to detect other forms of SA errors?
# must be unique in a given SonarQube instance
sonar.projectKey=c-sa-test
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
sonar.projectName=c-sa-test
sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=src
# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8
sonar.host.url=http://localhost:9000
sonar.cfamily.build-wrapper-output=bw_output
sonar.c.file.suffixes=.c,.h
sonar.cpp.file.suffixes=.cc,.cpp,.cxx,.c++,.hh,.hpp,.hxx,.h++,.ipp
Found the root cause: I was not providing some elements of the project build process as input to the build wrapper. Once those were added, SonarQ provided a detailed report.
I had the exact same problem where SonarCFamily was only reporting code duplications. It was due to an incorrect build process as input to the build wrapper. In my case, I was using SonarScanner.MSBuild and on my build-wrapper line, I didn't have the Configuration and Platform specified, so my projects were not getting built or scanned. The final working lines were:
SonarScanner.MSBuild.exe begin /k:"your key" /d:sonar.cfamily.build-wrapper-output="bw_output"
build-wrapper-win-x86-64.exe --out-dir bw_output MSBuild.exe your_solution.sln /p:Configuration=Release /p:Platform=x64
SonarScanner.MSBuild.exe end

Unable to get Sonar-Qube to analyze project

I have seen the other 2 appends and added sonar.languages=COBOL to my sonar-project.properties file to no avail.
I think it's basically more a case of not understanding the documentation (or the latter never having been "idiot tested").
My problem is as follows. My properties file contains the following entries:-
# sonar.sources=../../mfuser/seb/source/
sonar.sources=C:/mfuser/SEB/Source
sonar.cobol.file.suffixes=cbl,cpy
sonar.cobol.copy.suffixes=cpy
#
sonar.languages=COBOL
When I run the sonar-scanner bat file, I'm seeing output like this:-
WARN File C:\mfuser\seb\source\vvira20.cbl is ignored. It is not located in module basedir c:\sonar-scanner\bin
To me this gives the impression that I can point to the directory containing my COBOL code, but at the same time the actual code HAS to be in c:\sonar-scanner\bin. Surely, that can't be the case? If it is, what is the point with the sonar.sources entry in the properties file?
In addition, once I get this working, is there some way of specifying a parm/wild card so as to analyze SPECIFIC files? I tried sonar.sources=C:/mfuser/SEB/Source/vno* but that didn't seem to make any difference.
Thanks
You ran sonar-scanner from its own directory instead of running from the project directory. As the documentation says:
Run the following command from the project base directory
sonar-scanner
This same documentation recommends to create the sonar-project.properties file at the root of the project directory and to set the "sonar.sources" property to a path which is relative to the sonar-project.properties file.
Alternatively, you may want to use the "sonar.projectBaseDir" property. See the documentation for analysis parameters.
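A small linter for the pitfalls raised in the C++ thread (language key, trailing whitespace, quoted and backslashed report paths) and in this thread (sources outside the scanner's base directory). It is an added example, not code from any of the posters or from SonarQube; the sample file is constructed from the values quoted above, and `parse` and `lint` are hypothetical helper names.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample combining the pitfalls from the two threads above.
SAMPLE = "\n".join([
    "# required metadata",
    "sonar.projectKey=DiceInvaders",
    "sonar.projectName=Dice Invaders ",   # note the trailing space
    "sonar.sources=C:/mfuser/SEB/Source",
    "sonar.language=c++",
    r'sonar.cxx.cppcheck.reportPath="D:\DiceInvaders\Code\cppcheck-reports\cppcheck.xml".',
])

def parse(text):
    """Yield (key, raw value) pairs, skipping blank and comment lines."""
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith(("#", "!")):
            key, _, value = line.partition("=")
            yield key.strip(), value.lstrip()

def lint(text, base_dir):
    """Return (key, problem) findings; base_dir is where the scanner runs."""
    findings = []
    for key, raw in parse(text):
        value = raw.rstrip()
        if value != raw:
            findings.append((key, "trailing whitespace stays in the value"))
        if '"' in value:
            findings.append((key, "quotes are literal, not delimiters"))
        # java.util.Properties treats a lone backslash as an escape and
        # drops it before ordinary characters; only a doubled one survives.
        if re.search(r"(?<!\\)\\(?!\\)", value):
            findings.append((key, "lone backslash; write \\\\ or /"))
        # Per the answer in the C++ thread: the community plugin key is cxx.
        if key == "sonar.language" and value == "c++":
            findings.append((key, "community C++ plugin key is cxx"))
        if key == "sonar.sources":
            base = PureWindowsPath(base_dir)
            for src in value.replace("\\\\", "/").split(","):
                path = PureWindowsPath(src.strip())
                if path.is_absolute() and base not in (path, *path.parents):
                    findings.append((key, f"{src.strip()} is outside {base}"))
    return findings

if __name__ == "__main__":
    for key, problem in lint(SAMPLE, r"c:\sonar-scanner\bin"):
        print(f"{key}: {problem}")
```

Paths are compared with Windows semantics (case-insensitive, either slash), matching the paths shown in the scanner warning quoted in the question.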

How to configure a sonar-project.properties file for code coverage?

Currently my scanner is running through and only scanning the parent and skipping the rest of my nested files. If I run sonarlint (using the cli and specifying some test and source files), it tries to analyze 37k files instead of the few I need. I have been able to skip ~3k files by adding the <sonar.skip>true</sonar.skip> property to a pom file. However, I still can't configure the project to run across certain sub-folders and print out some kind of code coverage test. (Is JaCoCo needed for the latest version(6.3,0)? Or can code-coverage be handled through some configuration?).
If Sonar seems to be analyzing too many files, it is probably because you had not set the sonar.sources=src/main/java in your sonar-project.properties file, so it defaults to the basedir and includes everything.
SonarQube can't do code-coverage itself, it just reports on coverage-reports from a tool like JaCoCo. It is funny they don't clarify these things in https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner --but with enough digging, you can find good info on that site.

Unable to scan Cobol project using SonarQube

I am trying to work out code analysis for my COBOL code with SonarQube. I installed the sonarcobol plugin, and using sonarscanner I am trying to check for analysis. When I run sonar-scanner in the respective directory, it says success, but I am unable to see the analysis in the SonarQube server.
Attached is my sonar-project.properties
sonar.host.url=http://xxxxx:9000/
sonar.login=admin
sonar.password=admin
sonar.projectKey=cobol
sonar.projectName=cobol
sonar.projectVersion=1.0
sonar.sources=.
sonar.sourceEncoding=UTF-8
## Cobol Specific Properties
# comma-separated paths to directories with copybooks
sonar.cobol.copy.directories=copybooks
# comma-separated list of suffixes
sonar.cobol.file.suffixes=cbl,cpy
sonar.cobol.copy.suffixes=cpy
## Flex Specific Properties
# retrieve code coverage data from the Cobertura report
#sonar.flex.cobertura.reportPath=coverage-report/coverage-cobertua-flex.xml
# PL/I Specific Properties
sonar.pli.marginLeft=2
sonar.pli.marginRight=0
From the author's comment above:
I solved this by adding sonar.languages=COBOL in sonar-project.properties
Pasting here for convenience.

No LOC or Bugs picked up by SonarQube runner

I am using sonar-web-frontend-plugin
I have the following sonar-project.properties file which is located at this path
E:\agent2\test\sonar-project.properties
sonar.projectKey=Test
sonar.projectName=Test
sonar.projectVersion=1.0
sonar.sources=src/app
sonar.sourceEncoding=UTF-8
I have my source code in the following location
E:\agent2\test\src\app
My runner is located here
E:\agent2\test\.sonarqube\bin\sonar-scanner-2.8\bin\
and I am running the following in cmd E:\agent2\test>
E:\agent2\test\.sonarqube\bin\sonar-scanner-2.8\bin\sonar-runner -Dproject.settings= E:\agent2\test\sonar-project.properties -X
It is all running fine, but no issues are being reported and no LOC are being picked up. In the log it says the following:
Calculating CPD for 0 Files
So it does not actually seem to analyse anything. I know there are issues because when I run TSlint locally I get issues found.
Your analysis setup looks okay.
It is very likely that you don't have the relevant language plugin installed on your SonarQube instance. Either that, or your code is contained in files with unrecognized extensions.
Each language plugin tells SonarQube scanner "I'm interested in files with these extensions:..."
The fact that the analysis is over "0 Files" indicates that no file extensions were recognized.
